Mobile

The problem with BYOD: We all suck at mobile security

The bring-your-own-device (BYOD) movement may be a dream come true for office workers, but it has one big problem: Office workers are really bad at securing their phones.

That’s the message embedded in a survey by IT risk and compliance services company Coalfire, which talked to 400 non-IT workers to get a sense of how well they are securing their mobile devices outside of the workplace.

And the numbers are, well, scary.

Let’s start with the big one: 84 percent of respondents said that they use their phones for both work and personal matters. That might not usually be a problem, but this use is joined by a worrying lack of basic security protocol: 47 percent of respondents say they didn’t have passwords on their phones, which immediately becomes a problem if the devices land in the wrong hands. (Just as bad: 36 percent said they reuse the same password, breaking Password Rule No. 1.)

But we can only blame the workers too much. Fifty-one percent of respondents said that their companies lacked the capability to remotely erase the data on their phones (28 percent said they weren’t sure). That’s a basic feature embedded in a large number of consumer-focused services and apps (including iCloud and Prey), so IT departments have no excuse for not doing so.

Perhaps worse, 49 percent of the survey-takers said that their IT departments had never talked to them about the state of mobile security, which likely explains why the survey’s respondents were so bad at securing their devices.

The only good news here is that users are increasingly turning to password management systems and encrypted desktop password files — which is a start, certainly.

Below is a infographic detailing some of the survey’s results.


Mobile developer or publisher? VentureBeat is studying mobile app analytics. Fill out our 5-minute survey, and we'll share the data with you.