Securing Mobile Data in the Event of Device Loss or Theft
As a business or technical leader, you know you need to protect your company in a rapidly evolving mobile ecosystem. However, threats are not always obvious. As malware and attacks become more sophisticated over time, business decision makers must work with technical decision makers to navigate security threats in a mobile world.
This blog series, authored by Kathy Trahan, will explore the topic of enterprise mobility security from a situational level and provide insight into what leaders can do now to mitigate risk. To read the first post focused on securing device freedom, click here. The second post, available here, focused on the risks that come with mobile connections. Kathy’s third post outlined three top considerations leaders must consider when examining their current mobile data security plan. The fourth post in this series highlights how security compliance is necessary for real-time mobile data access. – Bret Hartman, Chief Technology Officer (CTO) for Cisco’s Security Technology Group
Many of us have experienced that panicked “oh no!” moment when we’ve misplaced a mobile device or worse, found out it was stolen. The stakes are raised even higher when a lost or stolen device is company issued, or a personal device an employee uses for business purposes and contains sensitive data.
According to a recent report, more than 3.1 million smart phones were stolen just in America last year alone. This same report revealed that 34% of people took no security measures at all to protect sensitive information – not even a simple four-digit password. 51% of end users use their smartphone to perform daily business activities.
Without the most basic of security measures in place, it becomes just that much easier for a thief or hacker to access either personal information or protected company information such as customer data, financial records and more.
The probability of a mobile device being lost or stolen is high and in anticipation of these occurrences, it’s critical for both Business Decision Makers (BDMs) and Technical Decision Makers (TDMs) to have a documented plan of action in place to protect sensitive information.
Let’s examine why device loss is rising and how organizational leaders should approach the challenge of solving this problem.
Why Device Loss Is on the Increase
The sheer growth of mobility, combined with the power of the mobile cloud, have both changed how we conduct business each day. And while these technologies have made it possible to connect in new ways regardless of user location, it has also caused security concerns, and lost and stolen occurrences to rise. Consider these facts:
- Last year, global mobile traffic grew 81 percent, a trend predicted to continue its upward climb well into 2018. It’s simple math, but more people with more mobile devices undoubtedly increases the risk of theft or loss.
- Most mobile devices are like ones wallet-it goes everywhere with you. This was established when the first mobile phone entered the market. And the usage of the smartphone is frequent given all the services available on it. Tablet usage is accelerating as well, given their ease-of-use services offered, such as being an electronic book. This increases the chance of being stolen or lost.
Mobile cloud, fueled by the growth of mobility, has completely changed the ways in which businesses and employees can engage with their employees and customers. The ability to access information, share files, check email, and not compromise carrying out “normal” daily business operations can be attributed to the flexibility mobile cloud offers. Mobile cloud has removed the “exclusive” label from exactly “who” is able to conduct business on-the-go; from assistants to CEOs, everyone with security clearance and an equipped device can access company data in the cloud.
- Businesses and employers are increasingly embracing all facets of an enterprise mobility strategy, especially when it comes to allowing employees to use their own devices to access data and applications. Gartner estimates that by 2017, at least half of employers will require employees to supply their own devices for work purposes. Because employees would more than likely be using the same mobile device for both their personal and business lives, it’s easy to lose sight of the importance of guarding a personal device as securely as one would if it were company-issued.
Considerations for IT and Business Leaders
Though there is no “one-size-fits-all” policy, both BDMs and TDMs have equal stake in reducing security risks that come from the loss of mobile devices. Security policy considerations must factor in a variety of scenarios and concerns, including:
- The loss or theft of a device by a terminated employee
- Avoiding productivity compromises
- What is the device lost policy? If lost are corporate device denied access immediately and content wiped? If personal device is used for work, do you follow the same protocol?
- What is the financial impact for a lost or stolen device? Surely it just can’t be pure replacement. Recent research notes the average cost for a lost laptop is just over $49,000 where 80% of the cost is data breach costs. That number may change given the user and their data.
Mobility has quickly grown from a trend to an ever-evolving business model, critical for companies who wish to remain competitive. But as businesses continue to embrace mobility, they must plan to stay ahead of all potential security threats where sensitive data is concerned. The task is not impossible, and by asking critical questions about their mobility practices, assessing every fathomable security threat and working with employees, business leaders, and CXOs can mitigate these threats and ensure their sustainability in the mobile landscape.
For more information about the Future of Mobility, follow @Cisco_Mobility on Twitter and join the conversation #FutureOfMobility.
- Kathy Trahan’s blog on Securing Employee Device Freedom
- Read The Risk of Remote Connection: What’s Your Plan by Kathy Trahan
- The third blog in this series- Securing Mobile Data: What’s Your Plan by Kathy Trahan
- Read the fourth blog in this series Security Compliance is Necessary for Real-Time Mobile Data Access by Kathy Trahan
- Review the Cisco 2014 Annual Security Report
- Check out Executive Perspectives on Mobility Trends
- Read Wearable Technology: A Cyber Security Risk on Your Wrist?
- View the Navigating Security in a Mobile World Interactive Asset