Federal employees using personal devices are putting those devices and sensitive data at risk, according to a new study released Wednesday (Aug. 19).
According to Lookout, the mobile security company, which debuted the study titled “State of Federal BYOD,” mobile devices are “extremely prevalent” in federal agencies, even in places where use of those devices are expressly prohibited. The company analyzed data from its more than 70 million users, and drilling down into 1,000 U.S. federal employees at 20 federal agencies found more than 14,600 devices tied to those agencies’ network across Lookout accounts. Of those 14,600 devices, more than 1,780 app-based threats were uncovered.
The threats stemmed from behaviors that put devices at risk, such as jailbreaking and sideloading apps, which is a practice where apps are taken from places that do not include official online stores.
Among other behaviors deemed risky: Roughly a quarter of federal employees send work-related documents to personal email accounts, reported the study. About 50 percent use their personal devices to access work email, and another 17 percent actually keep work-related documents across their personal file-sharing applications. As pertains to the “sideloading” mentioned above, the practice was discovered across 21 percent of iPhone and 25 percent of Android users.
A full 18 percent of employees with smartphones, whether personally owned or issued by the government, said they had encountered malicious software. Of that subset, 19 percent were Android users, and 14 percent were iPhone users.
And yet, about 40 percent of employees are “willing to sacrifice” government security to use their devices at work — even while they remain mindful of cybersecurity issues. This means, according to Lookout, that education efforts are not enough. Security remains a concern while 49 percent of federal employees have no dedicated security programs installed on the very devices they bring to the office.