Survey after survey from security vendors and research firms show that businesses are worried about the risks of employees using their own mobile devices for work. But are companies overlooking the bigger risks that come with thumb drives and plain old-fashioned paper files?
In these surveys, security- and data-center managers routinely put BYOD at the top of the list of potential sources of data loss. Nonetheless, huge majorities allow employees to use personal smartphones for work purposes.
Worse, users at 59 percent of companies with BYOD programs turn off or work around passwords and other security installed by IT to prevent data loss, according to a Ponemon Institute study on global security risks.
A report issued this week by Kaspersky Lab showed that a third of 1,762 UK-based IT managers surveyed believe lost data would have a negative business impact, but only 32 percent have a clear idea of what business data employees are carrying on their mobile devices.
However, many companies are busy implementing mobile security systems, according to a survey released by Symantec, in which 90 percent of respondents said they plugged the holes created by BYOD with a variety of mobile security and management approaches.
Despite all the surveys about BYOD security concerns, they don't indicate that companies are doing much to secure the data-capable devices lost or stolen most often in corporate environments -- USB drives. Neither users nor IT keep close-enough track of flash drives to even guess how many of the hundreds of millions of them are floating around their own offices.
Yet when asked to name the three items most often lost or stolen, 39 percent of those surveyed in the Kaspersky study picked USB drives compared to the 26 percent who named smartphones as a leading risk.
Of the most-stolen items, in fact, smartphones barely made the top five, behind flash drives, chargers for mobile devices, other bits of unspecified "office equipment" and manila paper folders.
If you take into account the surveys showing insiders are still to blame for the majority of data-loss and other corporate-security incidents, and see the stories showing that techniques like briefcase stealing or dumpster diving are at least as effective and much easier than hacking, it's clear the security fears of corporate America have adapted to the digital age more quickly than the risks themselves.
Smartphones unsecured on purpose by end users are certainly a security threat. Are they a bigger threat than the chance an insider could walk out with a pile of file folders with sensitive information? It's even easier to lose or steal a USB drive and, if you think about what you actually use them for, flash drives aren't usually much more than digital file folders.
There are so many vendors working on ways to secure, hide, erase or recover mobile devices that it would take too long to list them all.
But I can't remember the last time I heard a solution to the problem of the disappearing file folder or flash drive.
Kevin Fogarty is a freelance writer covering networking, security, virtualization, cloud computing, big data and IT innovation. His byline has appeared in The New York Times, The Boston Globe, CNN.com, CIO, Computerworld, Network World and other leading IT publications. View Full Bio