Government // Mobile & Wireless
News
2/12/2014
01:40 PM
Connect Directly
RSS
E-Mail
50%
50%

Federal Workers Lax On Mobile Security

Nearly half of federal workers surveyed admit to poor mobile security practices, putting agencies and data at risk.

6 Cool Apps From Uncle Sam
6 Cool Apps From Uncle Sam
(Click image for larger view and slideshow.)

Almost half of the government employees are not practicing several essential security practices designed to protect data, according to a new survey. Government agencies also remain vulnerable to hacking through lost or stolen devices, according to the survey, which suggests that the risk of data breaches as a result of lax security practices is likely to grow as the number of employees dependent on mobile devices also grows.

The findings from the 2014 Mobilometer Tracker: Mobility, Security, and the Pressure In Between reveal how vulnerable the federal government remains two years into a Digital Government Strategy that made mobility and security key tenets of the government's efforts to use new technologies.

The study noted as a baseline that about 90% of the respondents use at least one mobile device -- laptop, smartphone, or tablet -- for their work.

About 41% of the government employees who participated in the voluntary survey indicated they were practicing some potentially harmful behaviors from a security standpoint.

[Traveling with electronic gear containing sensitive data carries a greater security risk today than ever before. Read Data Security: 4 Questions For Road Warriors]

Among the risky behaviors: a lack of multifactor authentication or data encryption (52%), the use of public WiFi (31%), and failure to use passwords on mobile devices for work (25%). A third of respondents admitted to using passwords that would be considered easy to guess.

(Source: Mobile Work Exchange)
(Source: Mobile Work Exchange)

What's more, 15% of government respondents admitted downloading a nonwork-related application on to the mobile device they use for work.

Deeply troubling was the revelation that 6% of respondents who use a mobile device for work confessed to having lost or misplaced it. "In the average federal agency, that's more than 3,500 chances for a security breach," said Larry Payne, US federal vice president at Cisco.

The study shines a light on some glaring shortcomings in government mobile security. For example, one-fourth of government employees have not received mobile security training from their agencies, and only 50% of respondents said their agencies have formal, employee-focused mobile device programs.

In addition, half of the agencies covered in the survey are missing fundamental mobile security steps, such a remote wipe function or multifactor authentication or data encryption on mobile devices.

The study was commissioned by Cisco and conducted by the Mobile Work Exchange, a public-private partnership that promotes the value of mobility and telework. The partnership surveyed 155 government employees from 30 agencies during the last quarter of 2013.

The study found some bright spots in employee practices; 86% of respondents lock their computer when they leave their desk and have a safe, alternative workplace compatible. And 78% said they always store files in a secure location. In addition, nearly all the respondents who do telework (97%) have formal telework agreements in place. More than half (53%) are required by their agencies to register their mobile devices, and the same percentage are required to take regular security training related to mobile devices.

But much work remains to be done before the wide gaps in government agency mobile security are narrowed or closed altogether.

"Ensuring policies are being enforced is the best way to secure critical government data," said Cindy Auten, general manager of the Mobile Work Exchange. "Closing this gap equips government employees with the knowledge to thwart potential security breaches."

Too many companies treat digital and mobile strategies as pet projects. Here are four ideas to shake up your company. Also in the Digital Disruption issue of InformationWeek: Six enduring truths about selecting enterprise software (free registration required).

William Welsh is a contributing writer to InformationWeek Government. He has covered the government IT market since 2000 for publications such as Washington Technology and Defense Systems. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Author
2/12/2014 | 4:37:11 PM
Not all apps are cause to worry ...
This stat seems low, and also not all that scary: "What's more, 15% of government respondents admitted downloading a nonwork-related application on to the mobile device they use for work."

First of all, are those "mobile devices they use for work" all government issued? And, non-work-related applications might be things that do help with work, like a map application or something like Evernote. Without more clarification it seems premature to bash these workers.
WKash
50%
50%
WKash,
User Rank: Author
2/12/2014 | 10:44:57 PM
Re: Not all apps are cause to worry ...
One has to be careful drawing conclusions from 155 respondents to a survey representing 2 million federal workers. The results are likely reflective of the vulnerabilities agencies face, but how much so is hard to know.  Either way, its clear you can't get all of the people to follow procedures no matter how your try.
BobH088
50%
50%
BobH088,
User Rank: Apprentice
2/12/2014 | 9:31:41 PM
security solution?

One of the most common causes of data getting in the wrong hands is the loss of mobile devices that often contain a frightening amount of private information. I want to share a protection option that worked for me. Tracer tags (mystufflostandfound.com) let someone who finds your lost stuff contact you directly without exposing your private information. I use them on almost everything I take when I travel like my phone, passport and luggage after one of the tags was responsible for getting my lost laptop returned to me in Rome one time.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and community news at InformationWeek.com.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.