We just released the Absolute 2015 US Mobile Device Security Report, sharing the results of a survey conducted earlier this year among employees who use an employer-owned device for work. The results of the survey provide insight into employee attitudes toward IT security and their behaviors on corporate-owned mobile devices, showing an eye-opening perspective on the security risks depending on employee age, as well as other factors including company size, employee role and number of devices in use. According to our survey, Millennials prove to be a greater risk to data security as compared to other user categories.
“We conducted this survey with the intention of helping enterprises better understand the current attitudes that employees have towards data security and privacy,” said Stephen Midgley, vice president, Global Marketing, Absolute. “Armed with this information, our customers can consider user behavior as an additional data point in their endpoint security and data risk management strategies.”
Data Security Risks in Millennials vs Baby Boomers
The 2015 US Mobile Device Security Report demonstrates clear differences in generational behavior and associated risks related to data security:
- 64% of Millennials (age 18-34) use their employer-owned device for personal use, as opposed to 37% of Baby Boomers (age 55+)
- 35% of Millennials modify their default settings, compared to 8% of Boomers
- 27% of Millennials access “Not Safe For Work” content (e.g. personal email, online banking or shopping, social media, public WiFi, file sharing, etc.), compared with only 5% of Boomers
- 25% of Millennials believe they compromise IT security, compared with only 5% of Boomers
Additional Insights from the 2015 Mobile Device Security Report
Aside from generational differences affecting data security, we found a general apathy toward IT security, consistent with our past findings, as well as a clear difference in behavior associated with position level in the organization.
- 50% of respondents believe that security is not their responsibility
- 52% of respondents use their employer-owned devices for personal use
- 21% of respondents have modified the default settings on their work devices
- 14% of all respondents believe their behavior compromises the security of their organization
- The security risk increases with every level in the organization, from junior level to mid-level to senior level professionals. Senior Level Professionals are most likely to engage in risky behavior, with 33% accessing NSFW content, 76% using employer-owned devices for personal use, and 26% losing a device in the past.
- Respondents selected the three top benefits of mobility as:
- 39%: I can respond to requests from any location
- 38%: I can be more responsive
- 38%: I can do work while I’m travelling
Although many of these findings are troubling, we have seen positive movement in others. In our 2013 report, 59% of employees believed the corporate data on their device was worth less than $500. In 2015, that figure has shifted to 25%, with an additional 23% believing the data to be worth more than $50k. These figures indicate an increased awareness of the high value associated with corporate data.
“While the report indicates real progress in a number of critical security areas, there is still a lot that can be done to modify behavior and educate employees,” said Mr. Midgley. “Ultimately, everyone is responsible for protecting sensitive business information. Knowing there is ambiguity between how different users may approach this requirement, IT leaders need to provide meaningful guidance and training that reinforces this collective accountability.”
In our report, we outline a 3-pronged approach to mitigate security risks, including Education, Policies and Layered Technology solutions to secure devices. You can learn more about how to Mitigate Mobile Device Security Risks in our full report here.