As the size of the world's mobile workforce continues to increase rapidly, so too does the threat such remote workers represent to their organizations and IT departments, due largely to a lack of related security training and awareness, according to a recent study.
Concern about the theft of sensitive company information is on the rise in most firms after such high profile incidents as the Department of Veteran Affairs laptop theft and the huge TJX breach. Not surprisingly, 60 percent of organizations that participated in the Computing Technology Industry Association (CompTIA) study said security concerns related to the use of mobile devices like smartphones and PDAs have increased over the past year.
However, most organizations aren't responding to the threat by increasing training. Though nearly 80 percent of respondent organizations said they allow their mobile workers remote access to data on corporate networks, less than one-third have implemented any security awareness training for those staffers. Furthermore, only 10 percent of organizations plan to offer new security training in the coming year related to the use of PDAs, smartphones, laptops or other mobile devices, even though the organizations that have implemented such security training say they have encountered a smaller number of security breaches than in the past.
Smart CIOs educate their staffs on how to prevent known security threats before they happen, as well as how to react to data thefts or other security breaches after the fact, according to the study.
"Organizations that do not train their mobile workers in security fundamentals are doing themselves a great disservice," said John Venator, CompTIA president and chief executive officer, in a press release. "Nearly 90 percent of organizations that have implemented awareness training for remote and mobile workers believe that the number of security breaches they've encountered has been reduced."
Additional noteworthy findings include:
Security issues related to the use of wireless networks have increased somewhat or significantly, according to 55 percent of respondents
58 percent of respondent organizations don't currently offer security training related to the use of handheld PCs or laptops for data access and transfer to remote workers, nor do they have any immediate plans to do so
- The organizations that don't currently offer security training for mobile workers cite the fact that there is no top management report or it is not yet a business or departmental priority as reasons
Market research firm TNS Prognostics was commissioned by CompTIA to conduct the fifth installment of the Trends in Information Security: Analysis of IT Security and the Workforce survey, and data was collected from more than 1,000 IT professionals during February 2007. The study also includes findings from some 3,600 surveys conducted since 2002, when the first study launched. CompTIA members and non-members from the Education, Financial Services, Government, Healthcare and IT industries made up the survey base.
More information on CompTIA and the study is available on the organization's website.