Press Release

2013 BYOD Survey: Mobile Data Security Remains Weak

September 18, 2013

Coalfire survey reveals that companies and employees alike are often not taking even basic security steps
 
DENVER – Sept. 18, 2013 – For the second consecutive year, a Coalfire survey on the topic of Bring Your Own Device (BYOD) in the workplace revealed an ongoing lack of security with smartphones and tablets used to access company data.
 
As in 2012, Coalfire, an independent information technology governance, risk and compliance (IT GRC) firm, surveyed 400 individuals working in a variety of industries across North America who are not affiliated with their company’s IT department. This year’s survey findings show that, much like last year, companies are not taking steps to educate employees on mobile device security to help protect company data.
 
The increasing popularity of smartphones and tablets underscores the importance of corporate data protection on these devices. Gartner forecasts 2013 tablet shipments to grow 67.9 percent, with shipments reaching 202 million units, while the mobile phone market will grow 4.3 percent, with volume of more than 1.8 billion units.
 
“We are surprised to see such similar results as last year regarding security on tablets and smartphones, especially considering the attention that has been placed on this issue,” said Rick Dakin, CEO and chief security strategist with Coalfire. “The results this year demonstrate that businesses are still not using effective methods to protect critical infrastructure. Although new developments are regularly coming to the market to help protect corporate data, the main concern is still human error. Security awareness training for tablet and smartphone users should be a top priority for all organizations.”
 
Recent developments in the smartphone and tablet market may lighten the load for IT departments. Apple’s iOS 7, scheduled for release later this year, includes a number of new security measures for lost or stolen devices. However, the protections must be enabled by users to be effective.
 
Key findings of this year’s survey include:

  • Nearly half — 47 percent — of users reported they still have no passcode on their mobile device (no change from 2012)
  • Most users (86 percent) report using the same smartphone for personal and work tasks (compared to 84 percent last year)
  • Although down slightly from last year (36 percent vs. 30 percent in 2013), nearly a third of users report using a single password for all digital access
  • Sixty-one percent write down passwords on a piece of paper (up one percent from last year).
  • Compared to 49 percent last year, 47 percent of respondents reported that their IT department has not discussed mobile/cyber security awareness or best practices with them
  • Forty-four percent reported their company does have a mobile device usage policy, compared with 37.3 percent in 2012
  • One improved area: 33.8 percent of respondents stated their companies do not have the ability to remotely wipe data from mobile devices if they are locked, lost or stolen. Last year, more than half (51 percent) of companies did not have that ability 

 To review all of the survey’s findings, click here.

About Coalfire

Coalfire is a leading, independent information technology Governance, Risk and Compliance (IT GRC) firm that provides IT audit, risk assessment and compliance management solutions. Founded in 2001, Coalfire has offices in Dallas, Denver, Los Angeles, New York, San Francisco, Seattle and Washington D.C. and completes thousands of projects annually in retail, financial services, healthcare, government and utilities. Coalfire’s solutions are adapted to requirements under emerging data privacy legislation, the PCI DSS, GLBA, FFIEC, HIPAA/HITECH, HITRUST, NERC CIP, Sarbanes-Oxley, FISMA and FedRAMP.