Mobile security remains a BYOD hurdle at the federal level

Around half of federal employees use smartphones and tablets for work, but most of those devices aren't secured well

Just like employees in the private sector, government employees are reveling in the productivity gains of accessing their office apps and data from their smartphones and tablets. However, not unlike private companies, federal agencies are falling short on securing those devices, potentially increasing the ease with which malicious hackers and cyber criminals can get their hands on potentially sensitive Federal data, be it Social Security numbers, FBI files, and so forth.

The good news, per the Telework Exchange's 2013 Digital Dilemma Report, is that federal employees are gaining, on average, nine more hours of productivity per week thanks to the adoption of work-connected mobile devices. The exchange equates that to an extra $28 billion worth of man-hours per year.

Saving money and boosting productivity are obvious and well-documented benefits of mobile computing and BYOD, so those figures aren't necessarily surprising. However, digging deeper into the data reveals some points of concern about data security.

First, a glimpse of which devices federal employees are using and how: Just under half said they use their personal devices for work purposes. Ninety-three percent use laptops, 64 percent use smartphones, and 19 percent use tablets. Overall, 76 percent of federal employees use mobile devices to access government data, while 42 percent store their email on their devices.

Unfortunately, federal agencies don't seem to be doing an adequate job ensuring that the government data flowing to and from mobile devices is sufficiently secure. (This isn't to say that the private sector, in general, has done a great job in getting a handle on mobile security either. It's not a simple task, to which IT pros can attest.) For example, 79 percent of federal employees have multifactor authentication on their laptops, but only 27 percent have it on their smartphones and tablets. Seventy-six percent have a secure remote connection from their laptops, compared to 27 percent who have that on their mobile devices. Interestingly, though, 24 percent of federal employees' smartphones and tablets are equipped with remote data-wipe functionality, compared to 11 percent of federal laptops.

Here's yet more doom and gloom from the report: 85 percent of federal employees said they have downloaded at least one app to their personal device, a point of concerns considering the 185 percent rise in mobile malware attacks over the past year.

To their credit, agencies are educating employees about mobile security. Eighty-four percent of respondents said they knew who to call if they have a mobile device security question or concern; 80 percent said they have reviewed written mobile device security information; and 74 percent have participated in mobile device security training in the past 12 months.

On the other hand, only 11 percent of employees said they knew whether their organization had any kind of official BYOD policy. Sixty-one percent said theirs didn't have one, and the other 28 percent said they weren't sure.

The Telework Exchange offers straightforward advice: Federal agencies must accept the fact that employees will use their personal devices for work and develop clear BYOD guidelines accordingly. They should then enforce regulations to ensure data and network security -- and help the cause by enabling secure connections and data access.

The Telework Exchange is hosting a Webcast about mobility, security, and productivity on Feb. 12. More information is available The Telework Exchange's website. Also consider checking out InfoWorld's guide to a successful BYOD and mobile IT strategy.

This story, "Mobile security remains a BYOD hurdle at the federal level," was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow on Twitter.

Copyright © 2013 IDG Communications, Inc.