Digital Version of November/December 2014 Print Edition
Federal employees take security risks with mobile devices
Forty-one percent of government employees are putting themselves and their agencies at risk due to insecure mobile device practices, according to a study from the Alexandria, VA-based Mobile Work Exchange (MWE) and Cisco Systems, of San Jose, CA.
The results of the study, “The 2014 Mobilometer Tracker: Mobility, Security, and the Pressure in Between,” derive from findings of the Secure Mobilometer, a mobile security self-assessment tool offered by the MWE, a public-private partnership focused on demonstrating the value of mobility and telework.
Many government respondents are taking basic steps to secure agency data. Eighty-six percent lock their computer when away from their desk, 86 percent have a safe and alternative workplace compatible for work, and 78 percent always store files in a secure location.
But government employees are not showing the same caution with mobile devices, according to the study, and 90 percent of government respondents use at least one mobile device -- a laptop, smartphone, or tablet -- for work purposes. Thirty-one percent use public Wi-Fi networks, 52 percent do not use multifactor authentication or data encryption, and 25 percent do not use passwords for work-related devices. Even when employees use passwords, almost one in three acknowledges using an “easy” password and six percent have written them down.
When the appropriate security policies and procedures are in place and enforced, a mobile workforce can be a tremendous asset to a government agency, according to the MWE. But more than one in four government employees have not received mobile security training from their agencies. Further, just 50 percent of respondents said their agencies have formal, employee-focused mobile device programs. Half of the agencies represented in the assessment lack basic mobile security steps, like using a remote wipe function or adding multifactor authentication or data encryption on mobile devices.
“With the proliferation of devices, security continues to be a major concern,” says Larry Payne, Cisco vice president, U.S. federal. The study shows that six percent of government employees who use a mobile device for work say they have lost or misplaced their phone. “In the average federal agency, that’s more than 3,500 chances for a security breach. Organizations need to take the necessary steps to protect their data and minimize the risk of data loss.”
Still, government respondents scored considerably safer on the Mobilometer than their private sector counterparts. For example, 97 percent of government respondents who telework said they have a formal telework agreement in place versus just 56 percent of private sector respondents. Fifty-three percent of government agencies require employees to register mobile devices with the IT department versus just 21 percent of private sector organizations. In addition, 53 percent of government agencies require employees to take regular security training related to mobile devices compared to just 13 percent in the private sector. Moreover, 15 percent of government respondents have downloaded a non-work-related app onto mobile devices used for work versus 60 percent of private sector respondents.
“While the government is significantly safer than its counterparts, there is still much work to be done,” said Cindy Auten, MWE general manager. “Ensuring policies are being enforced is the best way to secure critical government data.”
The study is based on Mobilometer results from three months late last year. It reflects input from 155 individual government responses and 30 agency responses and 97 individual and 24 organization responses from the private sector.