Stolen mobile devices: how much of this is personal business?

IT staff of various companies complain that employees are slow to report losing their mobile devices. Thanks to BYOD, the responsibility for those devices now appears to be shared.

It’s an open secret that Bring Your Own Device paradigm created a lot of problems for IT staff in companies. But there are even more profound and thought-provoking paradoxes emerging these days. One of them is “shared responsibility” for the mobile devices used for both personal and working needs, which outright borders with “shared ownership”.

What is that about? Among many other findings of Kaspersky Lab’s 2014 IT Security Risks survey it is reported that employees tend to be slow to report losing mobile devices to their superiors and/or IT staff.

Some may ask, should they report such incidents at all? If it is their own device, it’s their own business.

Actually, the survey does not mention whether those are personal or enterprise-owned devices. But this difference becomes a bit vague once the device is being used for working needs and working documents are stored inside it. From there on, safeguarding the device and data on it becomes a responsibility shared between the owner himself and the employing entity’s IT department, which is tasked with data protection.

Of course, in most cases lost or stolen devices are just lost or even “just stolen” – in a latter case it is a device itself that a thief is interested in, not sensitive data stored inside. However, extra malice – and thus a serious data leak – cannot be outright excluded.

It is no surprise that IT people are worried that it takes two (in 38% of cases), or even three to five days (9%) for employees to report a missing device. And while the numbers of lost phones or tablets (or getting them stolen) is climbing, the percentage of employees who notified their employers the same day the incident occurred decreased from 60% to 50% from 2013 to 2014.

wide-2

A smartphone today is an easy-to-obtain commodity, so losing it is already considered a common annoyance, not a world-wide drama. Thus employees are slow to report the loss – it doesn’t seem like something extra important to them.

That adds a extra bit of headache to the IT staff: 52% of survey respondents indicated they are “more concerned about mobile” than in previous years. In fact, 43% went further, saying that mobile working patterns introduce too much risk,” despite the obvious productivity benefits these devices can bring to the business. Another 42% believe that “BYOD (Bring Your Own Device) mobile policies present an “increased security risk” for businesses.

Still it is clear that BYOD is here to stay. So the best thing to do here is to make it clear to the employees: If they use their personal devices for work and store any sensitive data in them, IT staff has to know what’s going on with it to react to trouble promptly – before the data “changes hands”. It’s not an attempt to control the employees’ property, it’s about safeguarding the business’ data.

Tips