Lookout Report: 84% of IT Executives Expect Data Accessed on Mobile To Cause GDPR Violations

SAN FRANCISCO, Nov. 14, 2017 /PRNewswire/ -- Lookout, the global leader in securing mobility, today released a new report which found that accessing data from mobile devices presents a significant risk for GDPR noncompliance. According to the report, "Finding GDPR Noncompliance in a Mobile First World," 84 percent of U.S. security and IT executives agree that personal data accessed on employees' mobile devices could put their company at risk for GDPR noncompliance. In fact, 64 percent of U.S. employees say they do access their organization's customer, partner and employee data while on their mobile device.

In conjunction with the new report, Lookout has launched the Mobile Risk Assessment to provide organizations with a custom assessment of their mobile risk based on a two-minute online questionnaire. The assessment describes clear steps an organization can take to mitigate their business and compliance risks.

"As organizations increasingly rely on mobile devices, the amount of personal and corporate data these devices access has grown exponentially, turning the mobile device into a valuable target," said Aaron Cockerill, chief strategy officer at Lookout. "Enterprises are exposed to a new spectrum of risk as it relates to corporate data leakage and regulatory compliance. Looking towards the impending GDPR regulations, we provide the guidance CISOs need to understand their risks and to help them reach compliance across their mobile fleet."

Key highlights from the "Finding GDPR Noncompliance in a Mobile First World" report include:

    --  GDPR regulated personal data is accessed by employee mobile devices:
        Nearly 78 percent of U.S. employees say they have access to corporate
        contacts on their mobile device. Further, 85 percent of IT and security
        executives say employees have access to enterprise apps, many of which
        likely store sensitive corporate data.
    --  Personal and work lives overlap on mobile: Over 70 percent of U.S.
        employees report using the same phone for personal and work purposes. In
        addition, 81 percent of U.S. security and IT executives say that the
        majority of employees are approved to install personal apps on the
        device they use for work purposes. As such, employees are the ones
        choosing what apps they use to access and manipulate corporate data,
        putting corporate data at risk.
    --  PII is at risk of compromise on mobile: Thirty-two percent of U.S.
        employees with titles of VP and above report their phone has been hacked
        or compromised. And, 41 percent of U.S. employees admit they open links
        on their mobile device even if they are not 100 percent sure the links
        are safe, which could put PII data both on the phone and desktop at
        risk.
    --  Employees download apps without the company's knowledge: Sixty-three
        percent of U.S. employees say they download apps outside of the ones
        their company provides to do their job. This is concerning as half of
        U.S. employees state they download applications outside of the main app
        stores (Google Play and Apple App Store), and 67 percent of U.S.
        employees confirm they regularly allow apps to access their contacts.
    --  Employees aren't protected against app and device vulnerabilities: 23
        percent of U.S. employees say they do not have automatic updates enabled
        on their apps and device operating system. These updates are essential
        to corporate security since, according to public vulnerability insights,
        54 percent of the 699 CVEs patched since iOS 9 up until iOS 11 were
        considered high or critical severity.

All organizations that handle data for individuals in Europe need to prepare for GDPR compliance today, including any U.S.-based companies that do business or offer services in Europe. As research firm Gartner noted in a recent report, "By 2019, 30% of organizations will face significant financial exposure from regulatory bodies due to their failure to comply with GDPR requirements to protect personal data on mobile devices." (1) Given the impending GDPR compliance regulations, CISOs need to recognize the security risks that mobile presents to both personal and corporate data. As employees continue to require access to data on mobile, CISOs will need to:

    --  Understand how data can be leaked or taken from mobile devices: It is
        essential for CISOs to understand how data on employee devices could be
        maliciously taken or accidentally leaked from the device. Lookout
        provides visibility into a variety of mobile risks that expose personal
        data, including malicious apps that steal information, device
        vulnerabilities that can be exploited, apps that leak data,
        man-in-the-middle attacks, and mobile phishing attempts.
    --  Gain control and manage personal data accessed by mobile: Beyond
        visibility, CISOs need to be able to take immediate action to mitigate
        potential risks to corporate data. The Lookout Mobile Endpoint Security
        solution gives admins control across the entire spectrum of mobile risk
        through custom notification and remediation policies. For example,
        Lookout Mobile Endpoint Security seamlessly integrates with multiple EMM
        providers to allow CISOs to establish risk-based conditional access
        policies to ensure sensitive data stays secure.
    --  Accelerate the notification process if there has been a corporate
        breach: Under the GDPR requirements, if PII data is compromised, the
        CISO will need to notify the Data Protection Officer as soon as possible
        with relevant details regarding the breach. Lookout Mobile Endpoint
        Security provides timely notifications to administrators when data may
        be maliciously exfiltrated or accidentally leaked from a mobile device,
        arming administrators with detailed information about the identified
        issue within the Lookout console to enable notification to the
        supervisory authority without undue delay.
    --  Protect employee data with a solution that adheres to Privacy by Design
        Principles: As CISOs consider their current and future solution
        providers, they will need to select organizations that fit within their
        compliance strategy as it relates to GDPR regulations. Lookout adheres
        to data minimization and purposeful data collection principles and has
        robust privacy controls, including the ability to restrict collection of
        any PII data associated with users or devices under management, as well
        as limit end user information presented to administrators of the Lookout
        solution.

To read the full "Finding GDPR Noncompliance in a Mobile First World" report, including visual representations of the survey data, visit www.lookout.com/info/wp-gdpr-lp. To take the Lookout Mobile Risk Assessment, visit lookout.com/mra. To learn more about Lookout Mobile Endpoint Security, visit https://www.lookout.com/products/mobile-endpoint-security.

(1) Gartner, Revisit Your Enterprise Mobility Management Practices to Prepare for EU GDPR, Manjunath Bhat, Bart Willemsen, 9 May 2017

About Lookout
Lookout is a cybersecurity company for a world run by apps. Powered by the largest dataset of mobile code in existence, Lookout is the security platform of record for mobile device integrity and data access. Lookout is trusted by hundreds of millions of individuals, hundreds of enterprises and government agencies, and such ecosystem partners as AT&T, Deutsche Telekom and Microsoft. Headquartered in San Francisco, Lookout has offices in Amsterdam, Boston, London, Sydney, Tokyo, Toronto and Washington, D.C. To learn more, visit www.lookout.com and follow Lookout on its blog, LinkedIn, and Twitter.

Data Methodology
An online survey was administered to a panel of potential U.S. and U.K. respondents. The recruitment period was September 5, 2017 to September 15, 2017. A total of 2062 respondents completed the survey (excluding terminates and abandonments). All respondents were 18 years of age or older, employed full time at a company with 1,000 employees or more, and worked for a company that has employees and/or customers/partners in the European Union (this excludes the UK; if only customers/partners, the company must store their personal data). 1,000 of the respondents were decision makers or involved in the decision-making process as related to IT security, and had a title level above intern, entry level, analyst/associate. The sample was provided by Market Cube, a research panel company. All were invited to take the survey via an email invitation. The margin of error was 3.1%.

View original content: http://www.prnewswire.com/news-releases/lookout-report-84-of-it-executives-expect-data-accessed-on-mobile-to-cause-gdpr-violations-300555381.html

SOURCE Lookout