Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

3/13/2012
02:32 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Survey Finds Small Businesses Ignore Risks Of Data Protection On Mobile Devices

Study profiled several professions that routinely handle sensitive client information

SEATTLE, March 13, 2012 /PRNewswire/ -- Mozy® (NYSE: EMC), the industry-leading online backup service, released the surprising results of a data protection survey. The survey, produced by Mozy and independent market research firm Compass Partners, LLC, found that an increasing number of professionals (80 percent) work remotely and rely on personal devices such as smartphones (63 percent), iPads (30 percent) and laptops (80 percent) to access company data. Despite the expectation that professionals with sensitive client data would understand the associated risks and responsibilities, the numbers reflect that many professionals working remotely, and their companies, are either unaware or too casual about how to keep this information safe and secure.

The study profiled several professions that routinely handle sensitive client information, including medical practices, legal, real estate, and financial service firms. It found that they were at even greater risk compared to generalized small and medium businesses to experience a significant loss of sensitive business information.

The survey found that while over two-thirds of all small-to-midsize businesses with fewer than 1,000 employees have a formal procedure for backing up company data, 87 percent have no formal policy in place regarding employees' use of personal devices for work purposes. One-third of companies let employees make their own decisions about how to back up company and client data on their devices, and most companies polled do not have backup or data recovery plans that meet modern standards for data protection. Forty-one percent of small businesses readily store and back up company data on portable USB devices - which may be used by family members, get lost, or even stolen.

Businesses Still Unaware of Risks

Legal professionals trailed the field, with 78 percent of lawyers reporting they were either not at all concerned, not that concerned or only somewhat concerned about the security of their company data for employees using personal devices for work. While financial services and medical firms are more concerned about the security of their company data than companies in real estate, construction, and law, the majority (more than two-thirds) in each of those industries expressed a lack of concern for risk of loss and security of company data. This lack of discipline creates unnecessary risk in the protection of company and customer data. The numbers do not lie: very important people have very important data that should be better protected.

Without adequate backup and other data security policies, many businesses are ill prepared to protect company and customer data in the event of a hard drive crash, loss or theft. The survey shows that 30 percent of companies suffered a hard drive crash in the past year. In 70 percent of those cases, data was not fully recovered.

The risk of lost or stolen data is more serious than ever with changing work habits and more employees holding sensitive company data on personal devices. With the start of the new year's business travel season and a larger number than ever of professionals on the road, they carry sensitive company or client data with them on their laptops, tablets and smartphones. The Mozy survey shows that one in nine businesses have experienced the theft of a laptop, and in 98 percent of such cases they were not able to recover all of the lost data.

While just over two-thirds of companies surveyed do have formal backup processes, most are using antiquated methods such as external hard drives with no online backup connection, or tape. Both are extremely susceptible to failure in the event of an on-site disaster.

New Season, Better Protection

"Companies can 'spring clean' by ensuring they have defined best practices and policies to protect sensitive company and client information," said Gytis Barzdukas, Director of Product Management at Mozy.

"If employees are using personal devices for work, companies should consider what kind of work can be performed on their devices, and how to ensure that confidential information is not at risk if the device is lost or stolen. If your company doesn't have a backup and data recovery policy today, they really should put even a basic plan in place. Using tape, server and thumb drives is a start, but any good backup plan should consist of having both a local and offsite copy," Barzdukas continued. "Mozy recommends that all company data - whether it resides on employee personal devices or company equipment - be automatically backed up to a secure, reliable location."

About Mozy

Mozy is the world's most trusted online backup service for consumers and businesses, with more than three million customers, 70,000 business users and 70 petabytes of information stored at its multiple data centers around the globe. Mozy was acquired by EMC Corporation in 2007 and operates as part of Decho Corporation, an EMC company. More information can be found at www.mozy.com .

About the Study

The study was executed by Compass Partners LLC, an independent market research firm focused on consumer technology. The study was fielded among 641 business decision makers responsible for the purchase of software and computer related services for small and medium businesses with 1 - 1,000 full-time employees. Field dates were October 24 through November 1, 2011. For each industry vertical sampled (each cell contained a minimum of 100 responses), the margin of error is +/- 9.8% at 95% confidence interval.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Georgeken
50%
50%
Georgeken,
User Rank: Apprentice
3/22/2012 | 10:33:41 AM
re: Survey Finds Small Businesses Ignore Risks Of Data Protection On Mobile Devices
pretty cool stuff mate
News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27132
PUBLISHED: 2021-02-27
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.
CVE-2021-25284
PUBLISHED: 2021-02-27
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
CVE-2021-3144
PUBLISHED: 2021-02-27
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
CVE-2021-3148
PUBLISHED: 2021-02-27
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.
CVE-2021-3151
PUBLISHED: 2021-02-27
i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__M...