Wednesday, September 18, 2013

Confidential Data and Mobile Devices

According to a recent article at, “more than half of employees admit to storing, sharing and working on corporate documents on their personal devices—and this number is growing.”

This is concerning for a number of reasons, not the least of which is the fact that confidential work information is being stored on devices where far fewer security measures are available and that receive much less security attention.

Confidential Data and Mobile DevicesSecond, it means that employees are still not following the rules of appropriate use. Some companies have a “Bring Your Own Device” policy (read: don’t do it), but many corporations are still struggling to create policies that adapt to an increasingly mobile work world. Even companies that pride themselves on writing airtight policies about information security and computer use may find that their policies are completely ignored because of convenience (or whatever). And often, management chooses to turn a blind eye to their own policies, because it is just plain easier to let people user their personal computers, Smartphones and tablets.

And so, workers are still putting corporate information on personal Smartphones, tablets, and notebooks—either because their employers cannot provide a device or because it’s simply more convenient. And the same holds true the other way—people are putting personal information on work devices, in an effort to keep everything conveniently at hand.

But what may be most concerning is the apathetic attitude toward mobile device security by Millennials. This new, young generation of workers (typically born between the early 1980s and early 2000s) is growing and may make up the majority of the workforce by 2015. They also show a tendency to play fast and loose with sensitive documents and worry less about the damage a security breach might cause.

So what’s the lesson here? Companies have to address this issue explicitly. Additionally, security audits must include ANY device that can hold sensitive data. Employees are likely to balk at "personal" devices being controlled by security policies and audit, but the only response to this is no personal devices allowed at all.

Read more here: