Many Feds Take Security Risks With Laptops, Smartphones and Tablets

Most federal employees are taking steps to secure agency data – from locking their computers when away from their desk to storing files in a safe place – but many are not taking the same care when it comes to mobile devices.

That’s according to a new report by Mobile Work Exchange and Cisco, which found that 41 percent of government employees who used the Secure Mobilometer, a self-assessment tool for understanding mobile security vulnerabilities, are putting themselves and their agencies at risk with existing mobile devices.

The report – ‘The 2014 Mobilometer Tracker: Mobility, Security and the Pressure in Between” – is based on findings from the Secure Mobilometer launched by Mobile Work Exchange and Cisco in September. The report is based on inputs to the calculator by 155 individual government employees and 30 agencies, as well as 97 individuals and 24 organizations from the private sector.

The study found that most government employees are taking basic steps to secure agency data, such as locking their computer when away from their desk (86 percent), having a safe and alternative workplace compatible for work (86 percent) or storing files in a secure location (78 percent).

But many don't secure their mobile devices even though 90 percent of government respondents say they use at least one -- such as a laptop, smartphone or tablet -- for work purposes, Mobile Work Exchange and Cisco found.

Some government employees are practicing potentially dangerous behaviors, including using public Wi-Fi (31 percent), a lack of multifactor authentication or data encryption (52 percent) and failure to use passwords on mobile devices for work (25 percent). Six percent of those who use a mobile device for work also admit to losing or misplacing their phone; based on the size of the average federal agencies, that could equate to more than 3,500 chances for a security breach.

The study also found shortfalls when it came to agency efforts to secure data. More than half (57 percent) of respondents who used the Mobilometer to assess their agency are failing to secure agency data on mobile devices, and half are not using fundamental mobile security steps such as a remote wipe function or adding multifactor authentication or data encryption on mobile devices.

Many agencies also are failing to educate employees on mobile security, with more than one in four government employees saying they have not received mobile security training from their agencies. Just 50 percent of respondents said their agencies have formal, employee-focused mobile device programs, the study found.

Despite these gaps in mobile security, most government agencies are considerably safer than their counterparts in the private sector. Government agencies are more likely than private sector organizations to require employees to register mobile devices with the IT department (53 percent versus 21 percent), to require regular training related to mobile devices (53 percent versus 13 percent) and to have formal telework agreements in place (97 percent versus 56 percent). Government respondents also were more in-tune to risk: just 15 percent of them have downloaded a non-work-related app onto a mobile device they use for work, compared with 60 percent of private sector respondents.

“While the government is significantly safer than its counterparts, there is still much work to be done,” said Cindy Auten, general manager of Mobile Work Exchange. “Ensuring policies are being enforced is the best way to secure critical government data. Closing this gap equips government employees with the knowledge to thwart potential security breaches.”