A recent survey by Litera found that while IT pros understand the risks involved when employees bring their own devices (BYOD) to work, only a small percentage has considered encrypting email as a solution.
As employees bring more consumer devices into the work place, it places pressure on IT in terms of how to secure these devices, especially as documents begin to move off of the company servers and onto mobile devices.
Litera, a company that sells a content creation, collaboration and risk management software suite just completed a survey involving 303 mobile device users, two-thirds of whom were IT professionals. The respondents included employees across a variety of industries and business sizes including almost 40 percent with between 500 and 5000 employees.
Of the respondents, 36 percent were managers and 12 percent were C-level. Another 16.8 percent were directors, so we’re talking about an audience that should understand the importance of security.
Yet the results showed that in spite of this, respondents were surprisingly cavalier about security.
Let’s start with some background. 96 percent of respondents used their devices (whether tablets or mobile phones) on a daily basis to read business email with 86.1 percent doing it multiple times per day. (That it was even that low surprises me, but I suppose some people still do the majority of their work at a company desktop PC.)
35 percent of respondents read email attachments on their mobile devices with 14.2 percent reporting they do it multiple times per day. More than 40 percent read email attachments at least once a month. Again, this seems a bit low given how mobile today’s workers tend to be and how much the lines between work and private life have blurred.
A few more data points:
* 88 percent store business documents on their mobile devices.
* 39.7 percent attach documents to emails on their mobiles devices.
* 33.7 percent have access to an enterprise content repository from their mobile devices.
But Litera is interested in encryption and metadata scrubbing because that’s part of the services it sells.
When asked about encryption, 96 percent of those surveyed reported that they used their mobile devices to store, access and send sensitive without any encryption whatsoever. What’s more, while 91.7 percent of respondents stated they used a metadata scrubbing solution on their servers, just 31.6 percent have solutions that cover emails sent from mobile devices.
While I always give a big caveat when it comes to vendor surveys because they tend to ask the questions and report the data in the way that presents what they sell in the best possible light, the data shows that as you probably already knew, users are out there accessing and sharing content with their mobile devices — and too often it’s not protected.
If your company works with sensitive data — and most have some they must consider to be sensitive — you may want to consider email and other forms of encryption as a minimum level of protection for moving data from behind the safety of the firewall to mobile devices out in the world. For now though, most appear to be ignoring this simple security measure.
Photo by Ron Miller. Used under the Creative Commons Share Alike License.