A security firm has said that “major mobile security gaps remain in the federal government” in part due to employees not complying with security policies, the latest in a series of reports raising concerns about employees using their personal mobile devices in the workplace.
A survey conducted for the Lookout mobile security company of 200 federal IT and security employees found that almost all reported that their workplaces have policies and management tools to control use of personal devices. Common policies address use of certain applications, requirements for using passwords and PINs, updating the device’s software, and storage of work-related information. In some cases, policies completely prohibit employees from using personal devices for work-related purposes, even to the point of barring them from bringing such devices into the workplace.
However, such controls are “bumping up against employee compliance issues,” said the report. Three-fourths of those polled agreed that employees in their workplaces are “willing to sacrifice some government security for the personal convenience of using a personal mobile device for work purposes.” More than half had said they have seen employees using personal devices in the workplace for sending and receiving emails through personal accounts, using social media, texting, browsing the web and taking pictures.
“Personal devices are a key part of employees’ everyday working lives and any security solution needs to work with — not against — this fundamental premise . . . We believe that agencies don’t have to ban mobile devices to actually gain good security. Mobile threat defense, coupled with mobile management solutions and employee education, provide a solid foundation of protection,” it said.