Report: Businesses at risk from unreported mobile device theft

A new survey from Kaspersky Lab shows some concerning trends when it comes to securing and protecting business data on mobile devices.

Part of a company embracing mobile devices is ensuring tools are in place to remotely wipe sensitive data from a smartphone or tablet if it is lost or stolen. A new study from Kaspersky Lab identifies an obvious and concerning fact, though--those tools offer little value if the missing device isn't reported.

Kaspersky Lab surveyed nearly 4,000 IT professionals regarding mobile device security concerns. The results illustrate the challenges facing IT managers and an apparent disregard among users for securing mobile devices or protecting business data.

When a smartphone or tablet is lost or stolen, every minute counts. If the device wasn't locked at the time of its loss or theft, whoever is in possession of it may still be able to access the applications and data it contains. IT personnel can only take steps to lock down the device and erase sensitive data if they know the device has been compromised in the first place.

According to the Kaspersky survey, only half of employees report the loss or theft of a mobile device within one day. In North America, that number drops to just 43 percent. More than a third--38 percent--take up to two days to notify their employer of a missing mobile device, and almost one in 10 employees may take up to five days to report one.

What is even more concerning is those numbers are heading in the wrong direction. When Kaspersky conducted a similar survey in 2013, 60 percent of employees reported a lost or stolen mobile device within a day.

Obviously, this is concerning. More than four in 10 IT professionals believe BYOD policies and mobile working patterns introduce increased risk for businesses.

As mobile devices continue to gain prevalence and become primary computing devices for many users, organizations are going to have to reconcile the risks posed by mobile devices with the lack of concern by users.

It's possible users may not initially realize a mobile device is missing or when they do, they don't report it immediately because they believe they will find it. It may be users fail to report a missing mobile device out of fear of the consequences of having lost it. Organizations need to stress the urgency of reporting a lost or stolen device and foster an environment where users are more concerned about protecting sensitive business data than they are about any personal repercussions.

In the meantime, it would also be prudent for organizations to implement stricter security controls on mobile devices, such as policies that enforce automatically locking the device after a relatively short idle period. This will thwart easy access to the data it contains and buy time so it can be remotely wiped.

Join the CSO newsletter!

Error: Please check your email address.

Tags securitymobile securitydata protectionkaspersky lab

More about Kaspersky

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Tony Bradley

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts