Good news and bad news: Government employees are no better behaved than your co-workers when it comes to mobile-security discipline.
A study of 1,000 U.S. federal employees, buttressed by its own data from 70 million consumer users, tells mobile-security provider Lookout that federal employees are using personal devices to access potentially sensitive government data, and a “significant number” engage in the sort of mobile behavior that exposes that data to risk.
Lookout’s State of Federal BYOD report reveals that mobile devices are extremely prevalent in federal agencies, even where official policy prohibits their use. An analysis of 20 federal agencies found 14,622 Lookout-enabled devices associated with those agencies’ networks. Those devices encountered 1,781 app-based threats, as reported (and averted) by the Lookout app and SaaS.
Released Wednesday, the report turns up incidents of rooting, jailbreaking, and uploading unsanctioned applications from places other than official app stores, such as websites or email links.
“The cybersecurity practices, or lack thereof, of the federal government are under the microscope in the wake of the OPM [Office of Personnel Management] hack. Yet hardly anyone is scrutinizing the unsanctioned use of mobile devices that could be putting government data at risk,” said Bob Stevens, vice president of Federal Systems at Lookout. This report shows that rules, policies and employee education alone are insufficient in stopping risky or threatening events before they cause damage.”
Among Lookout’s chief findings:
Asked how Lookout collected data beyond the scope of the survey, Stevens noted, “We have more than 70 million consumer users worldwide and a lot of them, of course, work in business or government. As they bring their devices into the workplace and connect to their organization’s publicly known IP addresses, we begin to have insight into the risks that mobile devices introduce to their organizations.
“To be clear, because they are Lookout users, they are protected from the threats they encountered. We are sharing this data is to illustrate that personal devices are indeed being brought into federal agencies, and to show that while the Lookout users are protected from threats, there are certainly other, unprotected devices accessing sensitive data.”
Lookout is available for consumers via app download, in free or premium versions. For enterprise and government customers, Lookout’s partner page says it is “establishing a sustainable enterprise growth engine exclusively through channel partners.”