Lack of mobile device encryption placing firms at risk

Four-fifths of firms have sensitive business information on their mobile devices, but barely 25% use encryption

In what should alarm all companies with mobile devices, even though the amount of data on suchdevices is increasing, levels of encryption have decreased hugely according to research commissioned by Sybase iAnywhere.

The survey of IT security decision makers revealed that four-fifths of firms had sensitive business information, such as emails and passwords, stored on their mobile devices, but barely over a quarter had any form of encryption. This is an alarming downward trend as the survey a year earlier indicated that 60% of companies had sensitive data on mobile devices, of which 45% were encrypted.

In terms of the personal responsibility they had for security on their mobile devices, 71% of respondents said their employers relied upon them to undertake at least one security task for their mobile devices. Although these figures indicate a slight reduction of personal responsibility for the security of mobile devices from last year’s overall figure of 76%, Sybase iAnywhere says they still suggest that organisations are continuing to place too large a burden of responsibility for security in the hands of their users, and are not automating these processes.

A fifth or respondents with managed security on their devices said that speed of decryption was an issue and 27% complained of the length of time it takes to access their device after powering up. Nearly two-fifths regarded the issues they face if they forget their passwords as being a major problem.

Commented Mike Oliver, marketing manager for mobile management and security products in Europe for Sybase iAnywhere, “These survey results reflect the increasing use of mobile devices, but also continue to demonstrate a worrying decrease in the encryption of the data stored on these devices. Of those organisations that are investing in device security, far too many are still relying on end users to take responsibility for security protocols when these should be automated and controlled by central IT."

Read more on Mobile hardware