To comply with GDPR, companies need to regulate employees' mobile devices
Around 84% of IT decision makers worry that data accessed through employee mobile devices may risk their company's GDPR compliance, according to a Lookout survey of more than 2,000 U.S. IT executives and employees . Malicious apps, compromised networks and apps that access records and move data through global servers can violate the regulation's privacy principle, among other requirements.
Approximately 61% of employees admit to using their mobile device to access customer, partner and employee data from their company, and around 64% connect to public Wi-Fi networks, putting personal data at risk.
- Almost three-quarters of respondents use the same phone for their work and personal life. But 23% of employees do not have automatic operating system updates, and 41% open links on their device without knowing if it is safe, according to the announcement. The stakes are high, with 32% of employees ranking as a VP or higher responding their phone was compromised or hacked in the past.
The amount of time employees spend on their phones, potentially accessing corporate networks and putting data at risk, is only increasing.
Average daily cell phone usage is around 2.37 hours a day in the U.S., with a 69% increase in time spent on mobile apps. Half of millennials spend at least three hours on their phones daily, and one-quarter spend around five hours a day. An estimated 70 minutes of millennials' workday is believed to be dedicated to non-work activities on smartphones.
Besides a hit to productivity, these devices threaten data security. Data breaches are often the result of human error, and tightening regulations under GDPR mean companies may find themselves significantly more liable for these errors.
There is a significant amount of older devices in the market that do not support the most recent OS releases. Coupled with phones that users choose not to or forget to upgrade, these devices create many vulnerabilities and openings for malicious actors to exploit.
If companies plan on continuing to deploy a mobile strategy in their workplace, requirements on who can access data as well as where and how the data is accessed need to be set. If vulnerabilities end up compromising consumer data, it could cost companies more than $23.6 million.
Follow Alex Hickey on Twitter