A "distinct lack of leadership" on mobile security is leaving U.K. businesses open to potentially devastating levels of risk, new research has warned.
According to the poll of 2,035 IT professionals by mobile phone company Orange and analyst firm Quocirca, the vast majority of IT professionals believe it is vital for security policies to cover the use of mobile, wireless or cellular devices. But one in five companies that already has a wide deployment of mobile devices admits not having effective policies in place for mobile security.
Despite the fact that almost 20 percent of companies predict that wireless PDAs and smartphones will replace laptops for a significant number of employees in the future, many organizations are not setting the right example. More than 60 percent of companies admit their mobile security policy is not enforced, displaying a lack of clear leadership from the organization and uncertainty as to whether employees in senior positions take security seriously.
General business managers were found to underestimate the problem. While most believe a mobile security policy is important, a third do not believe it is vital. Many believe that employees using mobile devices are responsible for data security rather than IT managers or the board. They are also twice as likely to allow users to choose whatever device they want, and would tend to leave it to individual users to decide whether they want to use a password or PIN on their device.
''There is widespread naivety and neglect in handheld device security,'' said Rob Bamforth, principal analyst for Quocirca. ''However, it is important to realize that both employees and employers have to play their part. Organizations have a duty to develop, communicate and enforce an effective security policy which employees should understand and abide by. Since some users will still have a lax attitude, businesses should place a safety net of measures to deal with the most likely eventualities including backup, contingency planning and ultimately insurance.''
The study found that 80 percent of businesses identify their employees as the main threat to mobile security. Yet one in three has no security policy to help resolve the issue.
''Responsibility for security is being placed firmly in the hands of the user, but it's essential that attitudes change and security becomes a shared responsibility between the company and the employee,'' said Alistair MacLeod, head of Orange Business Solutions U.K. "There are a number of simple ways to encourage responsible behavior, and the first obvious step is to set out a sensible security policy and to engage users through consultation, not prescription. Communication is key.''