Federal Workers Lax On Mobile Security - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government // Mobile & Wireless

Federal Workers Lax On Mobile Security

Nearly half of federal workers surveyed admit to poor mobile security practices, putting agencies and data at risk.

6 Cool Apps From Uncle Sam
6 Cool Apps From Uncle Sam
(Click image for larger view and slideshow.)

Almost half of the government employees are not practicing several essential security practices designed to protect data, according to a new survey. Government agencies also remain vulnerable to hacking through lost or stolen devices, according to the survey, which suggests that the risk of data breaches as a result of lax security practices is likely to grow as the number of employees dependent on mobile devices also grows.

The findings from the 2014 Mobilometer Tracker: Mobility, Security, and the Pressure In Between reveal how vulnerable the federal government remains two years into a Digital Government Strategy that made mobility and security key tenets of the government's efforts to use new technologies.

The study noted as a baseline that about 90% of the respondents use at least one mobile device -- laptop, smartphone, or tablet -- for their work.

About 41% of the government employees who participated in the voluntary survey indicated they were practicing some potentially harmful behaviors from a security standpoint.

[Traveling with electronic gear containing sensitive data carries a greater security risk today than ever before. Read Data Security: 4 Questions For Road Warriors]

Among the risky behaviors: a lack of multifactor authentication or data encryption (52%), the use of public WiFi (31%), and failure to use passwords on mobile devices for work (25%). A third of respondents admitted to using passwords that would be considered easy to guess.

(Source: Mobile Work Exchange)
(Source: Mobile Work Exchange)

What's more, 15% of government respondents admitted downloading a nonwork-related application on to the mobile device they use for work.

Deeply troubling was the revelation that 6% of respondents who use a mobile device for work confessed to having lost or misplaced it. "In the average federal agency, that's more than 3,500 chances for a security breach," said Larry Payne, US federal vice president at Cisco.

The study shines a light on some glaring shortcomings in government mobile security. For example, one-fourth of government employees have not received mobile security training from their agencies, and only 50% of respondents said their agencies have formal, employee-focused mobile device programs.

In addition, half of the agencies covered in the survey are missing fundamental mobile security steps, such a remote wipe function or multifactor authentication or data encryption on mobile devices.

The study was commissioned by Cisco and conducted by the Mobile Work Exchange, a public-private partnership that promotes the value of mobility and telework. The partnership surveyed 155 government employees from 30 agencies during the last quarter of 2013.

The study found some bright spots in employee practices; 86% of respondents lock their computer when they leave their desk and have a safe, alternative workplace compatible. And 78% said they always store files in a secure location. In addition, nearly all the respondents who do telework (97%) have formal telework agreements in place. More than half (53%) are required by their agencies to register their mobile devices, and the same percentage are required to take regular security training related to mobile devices.

But much work remains to be done before the wide gaps in government agency mobile security are narrowed or closed altogether.

"Ensuring policies are being enforced is the best way to secure critical government data," said Cindy Auten, general manager of the Mobile Work Exchange. "Closing this gap equips government employees with the knowledge to thwart potential security breaches."

Too many companies treat digital and mobile strategies as pet projects. Here are four ideas to shake up your company. Also in the Digital Disruption issue of InformationWeek: Six enduring truths about selecting enterprise software (free registration required).

William Welsh is a contributing writer to InformationWeek Government. He has covered the government IT market since 2000 for publications such as Washington Technology and Defense Systems. View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Author
2/12/2014 | 10:44:57 PM
Re: Not all apps are cause to worry ...
One has to be careful drawing conclusions from 155 respondents to a survey representing 2 million federal workers. The results are likely reflective of the vulnerabilities agencies face, but how much so is hard to know.  Either way, its clear you can't get all of the people to follow procedures no matter how your try.
User Rank: Moderator
2/12/2014 | 9:31:41 PM
security solution?

One of the most common causes of data getting in the wrong hands is the loss of mobile devices that often contain a frightening amount of private information. I want to share a protection option that worked for me. Tracer tags (mystufflostandfound.com) let someone who finds your lost stuff contact you directly without exposing your private information. I use them on almost everything I take when I travel like my phone, passport and luggage after one of the tags was responsible for getting my lost laptop returned to me in Rome one time.
Lorna Garey
Lorna Garey,
User Rank: Author
2/12/2014 | 4:37:11 PM
Not all apps are cause to worry ...
This stat seems low, and also not all that scary: "What's more, 15% of government respondents admitted downloading a nonwork-related application on to the mobile device they use for work."

First of all, are those "mobile devices they use for work" all government issued? And, non-work-related applications might be things that do help with work, like a map application or something like Evernote. Without more clarification it seems premature to bash these workers.
Can Cloud Revolutionize Business and Software Architecture?
Joao-Pierre S. Ruth, Senior Writer,  1/15/2021
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
How CDOs Can Build Insight-Driven Organizations
Jessica Davis, Senior Editor, Enterprise Apps,  1/15/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Flash Poll