Mobile Security Blog | Pradeo

Mobile Workers: Statistics on Organizations’ Security Practices

Written by Roxane Suau | May 17, 2018

A few days before the GDPR is enforced, many companies still doubt they will be ready in time. To help them draw the path toward the compliance of their mobile framework, Pradeo launched last month an online GDPR survey allowing organizations to test their mobile practices against the new regulation requirements.

382 security leaders whose companies manipulate EU citizen data were counted among the respondents. The compilation of their answers helps in outlining the overall maturity of businesses in protecting their mobile workforce and more specifically emphasizes how far they are from achieving the goal of the new regulation.

 

Exposition of personal data

  • 89% of security leaders have mobile workers in their organization and 82% of them allow BYO Devices. 

  • On average, 91% of mobile workers have access to contacts list, calendar and emails from their mobile devices, while 61% can access corporate applications and network from them.

  • 70% of mobile workers are allowed to download applications from public stores while 76% can connect to hotspots. 6% of respondents stated their mobile employees are forbidden doing both.

 

Adapted security measures

The article 32 of the GDPR expects companies to guarantee users’ data security commensurately to risk levels, and yet:

  • 58% of companies manage their mobile fleet through an EMM solution.
  • 30% of companies protect their mobile data using a MTD solution.

 

Readiness in case of a breach

GDPR's article 30 calls for a record of any processing activities on EU data subjects, although:

  • Only 27% of companies log data processing activities.

 

Most organizations expose personal data through their mobile workers and yet, less than a third of them have implemented a Mobile Threat Defense solution securing their mobile fleet, making them highly vulnerable to a data breach.

Besides, most companies do not keep track of events and security incidents, which make them unable to provide the required information within 72 hours in case of a breach.

 

White Paper: The Path Towards a GDPR-Compliant Mobile Framework