Nearly half of federal workers surveyed admit to poor mobile security practices, putting agencies and data at risk.
6 Cool Apps From Uncle Sam
(Click image for larger view and slideshow.)
Almost half of the government employees are not practicing several essential security practices designed to protect data, according to a new survey. Government agencies also remain vulnerable to hacking through lost or stolen devices, according to the survey, which suggests that the risk of data breaches as a result of lax security practices is likely to grow as the number of employees dependent on mobile devices also grows.
Among the risky behaviors: a lack of multifactor authentication or data encryption (52%), the use of public WiFi (31%), and failure to use passwords on mobile devices for work (25%). A third of respondents admitted to using passwords that would be considered easy to guess.
(Source: Mobile Work Exchange)
What's more, 15% of government respondents admitted downloading a nonwork-related application on to the mobile device they use for work.
Deeply troubling was the revelation that 6% of respondents who use a mobile device for work confessed to having lost or misplaced it. "In the average federal agency, that's more than 3,500 chances for a security breach," said Larry Payne, US federal vice president at Cisco.
The study shines a light on some glaring shortcomings in government mobile security. For example, one-fourth of government employees have not received mobile security training from their agencies, and only 50% of respondents said their agencies have formal, employee-focused mobile device programs.
In addition, half of the agencies covered in the survey are missing fundamental mobile security steps, such a remote wipe function or multifactor authentication or data encryption on mobile devices.
The study was commissioned by Cisco and conducted by the Mobile Work Exchange, a public-private partnership that promotes the value of mobility and telework. The partnership surveyed 155 government employees from 30 agencies during the last quarter of 2013.
The study found some bright spots in employee practices; 86% of respondents lock their computer when they leave their desk and have a safe, alternative workplace compatible. And 78% said they always store files in a secure location. In addition, nearly all the respondents who do telework (97%) have formal telework agreements in place. More than half (53%) are required by their agencies to register their mobile devices, and the same percentage are required to take regular security training related to mobile devices.
But much work remains to be done before the wide gaps in government agency mobile security are narrowed or closed altogether.
"Ensuring policies are being enforced is the best way to secure critical government data," said Cindy Auten, general manager of the Mobile Work Exchange. "Closing this gap equips government employees with the knowledge to thwart potential security breaches."
Too many companies treat digital and mobile strategies as pet projects. Here are four ideas to shake up your company. Also in the Digital Disruption issue of InformationWeek: Six enduring truths about selecting enterprise software (free registration required).
William Welsh is a contributing writer to InformationWeek Government. He has covered the government IT market since 2000 for publications such as Washington Technology and Defense Systems. View Full Bio
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.