New study reinforces disconnect between mobile device use, security

While many people use smartphones and tablets for critical information, few organizations have taken steps to keep the devices safe from cyber threats, according to a new survey from the Polytechnic Institute of New York University and AT&T.

According to the survey, 90 percent of respondents allowed employees to access work email via mobile devices, and 41 percent say they allow their employees to access important files via mobile devices. But just 65 percent reported that information and data security of wireless devices is a concern – even as 91 percent of respondents said they were concerned about computer and online data security. And fewer than one-third (29 percent) have installed anti-virus software on smartphones.

The survey found that 82 percent of small businesses have taken steps to secure company laptops. Meanwhile, just 32 percent are taking measures to protect smartphones, and 39 percent to protect tablets. Of those not taking security steps, fewer than half (42 percent) have plans to increase security.

"There is a troubling disconnect between business owners who want to keep data safe and the necessary steps to protect it," said Ed Amoroso, chief security officer at AT&T, in a press release. "With more employees using mobile devices, especially personal devices, business data is increasingly vulnerable to cyber threats. Protecting critical information can be easy and affordable, and small businesses need to recognize the reality of today's environment – this is a step they can't afford to ignore."

Nearly four in 10 respondents (37 percent) reported being the victim of a security breach, such as a virus, mobile malware or phishing, with 21 percent being victimized within the last two years.

It's crucial for organizations to "understand their risk profile," said Nair Memon, a professor of computer science and engineering and founding director of The Center for Interdisciplinary Studies in Security and Privacy (CRISSP) at NYU-Poly, in the press release. "This means treating every device that touches your network, from laptops to smartphones, as vulnerabilities and ensuring that security is built into the equation at every level."

The survey mirrors one conducted this summer by Coalfire, in which almost half of 400 individuals surveyed across a wide range of industries said their IT departments hadn't discussed security issues with them. In that survey, 51 percent said their companies don't have the capability of remotely wiping data from a device if it's lost or stolen.

In an interview after that survey was taken, Rick Dakin, CEO and chief security strategist for Louisville, Colo.-based Coalfire, said healthcare providers in particular aren't conducting the necessary annual audits to identify new threats, environments and controls needed to protect sensitive health information.

"Clearly, that's not happening in the healthcare industry," he said.

Mike Miliard

Managing Editor of Healthcare IT News

Follow Mike on Twitter @MikeMiliardHITN