Enterprises are doing a poor job of securing workers’ handheld devices, according to a report released Thursday by Orange and Quocirca.

The survey of 2,035 IT professionals in the UK found that one in five companies that already have wide deployments of mobile devices has no policies in place for mobile security. Of the surveyed companies that do have mobile security policies, more than 60 percent say their policy is not enforced.
The survey mainly looked at security from the point of view of ensuring that unauthorised people can’t use employees’ devices to access corporate information, rather than examining protection against viruses or other malware.

The study found that 80 percent of businesses surveyed said that their employees are the main threat to mobile security. But the report's author says that IT departments have tools that they can use to help secure the devices.

One policy that IT departments should be implementing is remote management capabilities that can help in case a device is lost or stolen, said Rob Bamforth, an analyst at Quocirca and the report’s author. For example, synchronising the device with back-end servers can ensure that data stored on the device isn’t lost. Enterprises can also implement remote wipe or kill features that delete data or make devices unusable if they are lost or stolen.

Mobile device management should also include a legal aspect if case sensitive data is stolen, as well as insurance for any financial implications of lost data, Bamforth noted.

IT departments should also be responsible for deploying products for securing devices such as firewalls and VPN protection, said Shaun Orpen, vice president of marketing for Orange UK.

Part of the reason that IT departments may not be implementing these security policies is that handheld devices are generally perceived as cheaper, easier to replace and less intrinsically valuable than laptops, said Bamforth. “But of course they could be carrying something of massive intrinsic value,” he said. Such devices are increasingly capable of accessing corporate data.

The widespread use of consumer electronic devices may actually be helping to change the perception of handheld devices in the enterprise, he said. “You could be carrying a very valuable record collection on an iPod, for example, so the expectation of value is going to change,” he said.