Companies in Poland do not sufficiently protect company mobile phones. On the one hand, there is an improvement in the security of fixed and corporate network solutions in Polish companies. On the other hand, as many as 8 out of 10 large companies do not have a separate budget for the cyber protection of company mobile phones. Among medium-sized companies this percentage reaches 100%. This is the main conclusion of the survey carried out for T-Mobile Polska by PMR.
Limited level of smartphone security
T-Mobile Polska has published the results of the latest company mobile phone security survey. Companies seem not to notice the dynamic changes taking place on the market. For a growing number of employees, a smartphone is currently the second computer and the basic work tool used by 98% of employees on a daily basis. The hard data of T-Mobile Polska shows that over 7% of companies in the country are cyclically exposed to incidents related to dangerous sessions that are set up by company phones. On the other hand, the vast majority of companies still rely on screen security (three quarters of large companies in Poland).
The survey shows that as much as 23% of medium-sized companies and 10% of large companies in Poland do not have any entity in their structures officially responsible for the security of company mobile phones.
Differences between users and IT departments
The study shows large discrepancies between the perception of IT department employees and the behaviour of company phone users. The most controversial are the declarations concerning access to resources and data via a company phone and the purposes for which the company phone serves privately. Here, the assessment is often diametrically different, depending on whether we ask the IT department or a serial phone user.
No policy governing use of company mobile phones
“To what extent do employees treat a company phone as their own, and how much is this made difficult by company security specialists? According to a PMR survey, security on company mobiles is most often ensured by two methods – screen locks (63% of companies) and installation of antivirus software (53%). 15% of companies do not use any tools to ensure security of their business phones, which exposes them to crackers. The scale of the tragedy of such a potential leakage depends on the type of data exposed to the attack. Two thirds of employees have access to company mail from the cellular level, which in theory means no less, no more, that the types of data that may leak are limited primarily by the creativity of interpersonal communication. The avalanche of problems grows exponentially as the confidentiality of data flowing in company correspondence increases. Borders are blurred, unless internal company policy states otherwise. Only that nearly half of companies do not have such a policy regulating the use of company telephones for private purposes at all,” comments Bartlomiej Popeda, Data Scientist at PMR.
At the turn of September and October 2019, we conducted a survey in medium (50-249 employees) and large (250 and more employees) companies operating in Poland. The companies that took part in the survey operate in the following industries: manufacturing and industrial processing, wholesale and B2B trade, construction, education and IT/telecommunications and media.
The concept and main objectives of the survey assumed confrontation of opinions of persons responsible for management, maintenance and protection of company IT infrastructure and devices, including mobile phones, with end users of company cells. The research sample was 200 interviews. In each of the surveyed companies, two separate interviews were conducted: with an IT department employee – manager, specialist, manager, IT security specialist or another – that is a person with knowledge of solutions used in the IT area (including IT security and telecommunications) and with a company employee not related to IT or ICT security, but using the company’s mobile phone at least several times a week.
T-Mobile Polska decided to make the results public. The full report from the survey can be downloaded from the operator’s website: https://bit.ly/2uExWLy (Polish language only)