One-fifth of IT pros say their companies had mobile data breach

IT pros have long been concerned about the potential for security breaches with increased employee use of mobile devices, including smartphones and tablets owned by workers who bring in their own devices from home.

A new survey of 882 IT professionals has quantified those concerns, revealing that one in five organizations (21%) suffered a security breach involving a mobile device sometime in the past, primarily due to connections to malicious Wi-Fi hotspots and malware.

The online survey was conducted by Crowd Research Partners and was sponsored by six top data security vendors: Bitglass; Blancco Technology Group; Check Point Technologies; Skycure; SnoopWall; and Tenable Network Security. All six vendors offer various approaches to protecting corporate data used by mobile workers.

The full survey is available online with registration.

Nearly one-fourth (24%) of respondents said mobile devices used in their organizations had connected to a malicious Wi-Fi hotspot in the past, while 39% said those devices downloaded malware. The responses included both worker-owned or corporate-owned devices.

Perhaps more troubling was a finding that 37% of organizations were not even sure whether mobile devices had been involved in security breaches in the past.

The survey involved 882 IT professionals who are part of the 300,000-member Information Security Community on LinkedIn. About 30% of the respondents were from the U.S., although nine other countries were represented.

Holger Schulze, the founder of the LinkedIn community, said the survey indicates that mobile security data breaches and risks are on the rise. Many companies see productivity improvements with BYOD, but those gains can be undercut by security threats and burdens placed on IT support staff to remedy breaches and monitor security.

In fact, security worries were cited by 39% of the IT pros as the biggest inhibitor of BYOD adoption, with the main worry being the loss of sensitive corporate data.

Despite such concerns, the survey found just 30% of respondents plan to increase security budgets for BYOD programs in the coming year; 37% have no plans to change their budgets.

“BYOD can be a tough nut for organizations to crack,” Blancco CEO Pat Clawson said in a statement. Some organizations worry whether to adopt BYOD without complete security controls in place, he added.

Part of the purpose of the survey is to better educate businesses about mobile security risks and remedies, he added.

Gartner and other analyst firms have long urged companies to carefully manage corporate data on workers’ smartphones and tablets, whether they are corporated-owned or employee-owned. End-to-encryption of data is encouraged, along with partitioning corporate data from personal data, a feature available now on many smartphones.

The survey found that just 34% of respondents wipe sensitive data from employee devices when they leave the company. Whether the device is employee or corporate-owned, unwiped data can be stolen by unauthorized parties, risking a worker’s privacy as well as corporate and customer data.

The vendors who underwrote the survey recommended the use of enterprise-class, certified mobile data erasure software to wipe data permanently, although they didn’t name any particular product. Dozens of companies offer such software.