The bring-your-own-device (BYOD) movement may be a dream come true for office workers, but it has one big problem: Office workers are really bad at securing their phones.

That’s the message embedded in a survey by IT risk and compliance services company Coalfire, which talked to 400 non-IT workers to get a sense of how well they are securing their mobile devices outside of the workplace.

And the numbers are, well, scary.

Let’s start with the big one: 84 percent of respondents said that they use their phones for both work and personal matters. That might not usually be a problem, but this use is joined by a worrying lack of basic security protocol: 47 percent of respondents said they didn’t have passwords on their phones, which immediately becomes a problem if the devices land in the wrong hands. (Just as bad: 36 percent said they reuse the same password, breaking Password Rule No. 1.)

But we can only blame the workers so much. Fifty-one percent of respondents said that their companies lacked the capability to remotely erase the data on their phones (28 percent said they weren’t sure). That’s a basic feature embedded in a large number of consumer-focused services and apps (including iCloud and Prey), so IT departments have no excuse for not offering it.

Perhaps worse, 49 percent of the survey-takers said that their IT departments had never talked to them about the state of mobile security, which likely explains why the survey’s respondents were so bad at securing their devices.

The only good news here is that users are increasingly turning to password management systems and encrypted desktop password files — which is a start, certainly.

Below is an infographic detailing some of the survey’s results.