In a recent article on CIO.com, Tom Kaneshige (@kaneshige) discusses worker apathy around loss of mobile devices and protection of corporate data. He points out that despite written policies, many employees simply don't report lost or stolen mobile devices, creating a massive security exposure for organizations, and a huge headache for the IT team. Why don't they report lost devices? The article discusses three reasons:
- 25% of employees think that it's "not their problem.
- 59% estimated the value of corporate data on their phone to be less than $500.
- Employees don't want to report the loss, just in case they find the phone later, citing loss of personal data as the rationale.
So what are the repercussions of not reporting mobile devices? In some organizations, you will lose your job. Seems like a pretty harsh penalty, no? I guess that speaks to the fact that employers really do view data security as everyone's problem, and that the value of corporate data on mobile devices is quite a bit higher than $500.
But is firing people really the way to deal with this problem? Absolutely not. Rather than invoking fear as a compliance mechanism, I recommend solving the underlying issue: employees fear consequences such as the loss of their family photos and videos that haven't been backed up, so they try their best to find their device.
- Continue to educate employees on the fact that corporate data is extremely valuable, and that protection of that data is everyone's responsibility. This is easier said than done for most, but it's part of our ongoing duties as security professionals.
- Adopt a BYOD security solution that allows you to selectively wipe corporate data, while leaving employee personal data alone. Mobile Device Management and full device wipe isn't your only option - there are new technologies on the market that can solve this challenge immediately. Some even allow you to restore corporate data back to the device if/when it does get found later on.
Lost devices don't have to mean lost jobs - our economy is fragile enough as it is! Bitglass can help, and can do so without installing any software agents or MDM profiles. Take it for a free 30-day test drive to learn more.