Did you know that, according to the Ponemon Institute, 88 percent of employees access sensitive data on their mobile devices, but only 20 percent have received any mobile security training? It's enough to make you wonder why mobile security is in such a sorry state.
In short, mobile security risks abound because…
- Employers switched to mobile-friendly / bring-your-own-device workplaces.
- The use of non-approved mobile apps and "shadow IT" has grown.
- Cloud storage allows employees to access potentially sensitive work data on mobile devices.
All of this spells bad news for IT consultants who oversee their clients' network security. Mobile use has grown so fast that network security hasn't had time to catch up with it, and many of your clients are simply don't know to secure their mobile tech.
Why It Matters that 80% of Employers Don't Have Mobile Security Training
Though this data is startling, it confirms what IT consultants already know: your biggest source of risk is your clients. If clients don't use technology properly, they jeopardize the security of their network and ultimately expose you to greater professional liability (see Errors and Omissions Insurance to learn about covering IT liability).
Because you can be sued for client data breaches, you'll have to make sure your clients know what their risks are and institute policies to minimize them. How do you do that? There are many strategies, but let's focus on two approaches:
- Limiting non-approved apps (aka shadow IT).
- Educating your clients.
Lurking in the Shadows: Mobile Risks and "Shadow IT"
In "Trouble Apps for Security: Help Clients Manage Risk," we covered which apps your clients' employees use and why they could expose your clients to a data breach. Surprisingly, it's not just shoddy apps and malware-prone platforms.
Employees often download apps for remote access, file sharing, and cloud backup – apps that help them do their jobs. These apps are often referred to as "shadow IT" because they perform the function of traditional IT, but aren't approved by an IT department (or IT consultant).
This practice is so common that 72 percent of employees using some sort of shadow IT. That means that a client's data is now being swapped among numerous devices. Because clients don't even know that these practices are risky, you'll need to educate them about mobile security and best practices for protecting their data.
Employees Don't Know They're Putting Data Security at Risk
Consider these startling statistics (courtesy of the Ponemon Institute):
- 66 percent of employees download apps without their employers' approval.
- Only 22 percent think this mobile usage puts their employers at risk.
In other words, the majority of employees engage in risky behavior, but only a minority recognizes that what they're doing could be bad for their employer. This gap in understanding suggests that one of the biggest obstacles an IT consultant faces is ignorance.
To truly manage their clients' security, IT consultants may need to institute procedures that address their clients' lackadaisical approach. You'll probably also have to educate clients about these risks and point them toward resources they can use to teach their employees.
This all-inclusive approach has become a pillar of data security in recent years. All the antivirus software in the world won't help businesses whose employees don't follow basic data security rules.
To help you, TechInsurance offers a free resource: the Customer Education Kit. Even if you're not one of our customers, feel free to use this resource. You can distribute the Customer Education Kit to your clients so they understand what policies and procedures need to be adopted to secure their network, limit mobile security risks, and prevent data breaches.