Organizations and Employees Don't Know How to Deal with Device Loss

By: Absolute Editorial Team | 4/14/2014

According to a study conducted by ITIC for KnowBe453% of businesses are unprepared to deal with hacked or stolen devices. The “2014 State of Security” survey, which polled 250 companies around the world in February 2014, shows that many organizations have existing issues with devices, company-owned or BYOD, and that these devices pose a significant threat to data security.

According to the study, 50% of businesses say their devices may have been hacked in the past year (10% had for sure, 40% had no way of knowing / were unsure / do not require employees to inform them). With 53% of businesses unable to deal with security breaches as the result of smartphones, tablets and notebooks, these two statistics pinpoint a serious issue in the management and security of endpoint devices and the information they contain.

Highlights from the study:

  • 55% of organizations are not increasing or fortifying existing security measures as a result of other high profile attacks (Target, Snapchat, etc)
  • 65% of organizations allow BYOD devices to access organizational data including email, applications and sensitive data
  • 43% of organizations currently do not have a BYOD security policy
  • 13% of organizations have specific policies for BYOD deployments
  • When asked to list the most effective mechanism to safeguard networks, 80% cited anti-virus / intrusion detection / firewalls and 65% cited endpoint security

Our own survey has revealed gaps in security policies where ‘people’ pose one of the greatest risks to data security. When people don’t think data security is ‘their problem,’ when data is not seen as valuable, and when policies don’t spell out the importance of dealing with security threats (hacking, loss, theft), data breaches are more likely to happen. For example, our survey found that 23% of respondents don’t know their company’s procedure for dealing with work device loss or theft.

In order to secure corporate data, organizations of all sizes must conduct risk assessments and take proactive steps to secure devices, no matter who owns them. Both organizations and individual employees need to be made aware of the value of corporate data and the importance of protecting it with ongoing security training and a clear security policy. While policies and awareness are key, so too is technology such as Absolute Computrace that allows organizations to persistently track and secure endpoints.

Learn more about how Computrace provides foundational support for all activities related to Governance, Risk Management, and Compliance (GRC) for the endpoint here.

Financial Services