Welcome!

News Feed Item

Lookout Report: 84% of IT Executives Expect Data Accessed on Mobile To Cause GDPR Violations

Lookout launches the Mobile Risk Assessment to help enterprises understand how personal and corporate data on mobile devices can pose a risk to compliance

SAN FRANCISCO, Nov. 14, 2017 /PRNewswire/ -- Lookout, the global leader in securing mobility, today released a new report which found that accessing data from mobile devices presents a significant risk for GDPR noncompliance. According to the report, "FindingGDPR Noncompliance in a Mobile FirstWorld," 84 percent of U.S. security and IT executives agree that personal data accessed on employees' mobile devices could put their company at risk for GDPR noncompliance. In fact, 64 percent of U.S. employees say they do access their organization's customer, partner and employee data while on their mobile device.

In conjunction with the new report, Lookout has launched the Mobile Risk Assessment to provide organizations with a custom assessment of their mobile risk based on a two-minute online questionnaire. The assessment describes clear steps an organization can take to mitigate their business and compliance risks.

"As organizations increasingly rely on mobile devices, the amount of personal and corporate data these devices access has grown exponentially, turning the mobile device into a valuable target," said Aaron Cockerill, chief strategy officer at Lookout. "Enterprises are exposed to a new spectrum of risk as it relates to corporate data leakage and regulatory compliance. Looking towards the impending GDPR regulations, we provide the guidance CISOs need to understand their risks and to help them reach compliance across their mobile fleet."

Key highlights from the "Finding GDPR Noncompliance in a Mobile First World" report include:

  • GDPR regulated personal data is accessed by employee mobile devices: Nearly 78 percent of U.S. employees say they have access to corporate contacts on their mobile device. Further, 85 percent of IT and security executives say employees have access to enterprise apps, many of which likely store sensitive corporate data.
  • Personal and work lives overlap on mobile: Over 70 percent of U.S. employees report using the same phone for personal and work purposes. In addition, 81 percent of U.S. security and IT executives say that the majority of employees are approved to install personal apps on the device they use for work purposes. As such employees are the ones choosing what apps they use to access and manipulate corporate data, putting corporate data at risk.
  • PII is at risk of compromise on mobile: Thirty-two percent of U.S. employees with titles of VP and above report their phone has been hacked or compromised. And, 41 percent of U.S. employees admit they open links on their mobile device even if they are not 100 percent sure the links are safe, which could put PII data both on the phone and desktop at risk.
  • Employees download apps without the company's knowledge: Sixty-three percent of U.S. employees say they download apps outside of the ones their company provides to do their job. This is concerning as half of U.S. employees state they download applications outside of the main app stores (Google Play and Apple App Store), and 67 percent of U.S. employees confirm they regularly allow apps to access their contacts.
  • Employees aren't protected against app and device vulnerabilities: 23 percent of U.S. employees say they do not have automatic updates enabled on their apps and device operating system. These updates are essential to corporate security since, according to public vulnerability insights, 54 percent of the 699 CVEs patched since iOS 9 up until iOS 11 were considered high or critical severity.

All organizations that handle data for individuals in Europe need to prepare for GDPR compliance today, including any U.S.-based companies that do business or offer services in Europe. As research firm Gartner noted in a recent report, "By 2019, 30% of organizations will face significant financial exposure from regulatory bodies due to their failure to comply with GDPR requirements to protect personal data on mobile devices." (1) Given the impending GDPR compliance regulations, CISOs need to recognize the security risks that mobile presents to both personal and corporate data. As employees continue to require access to data on mobile, CISOs will need to:

  • Understand how data can be leaked or taken from mobile devices: It is essential for CISOs to understand how data on employee devices could be maliciously taken or accidentally leaked from the device. Lookout provides visibility into a variety of mobile risks that expose personal data, including malicious apps that steal information, device vulnerabilities that can be exploited, apps that leak data, man-in-the-middle attacks, and mobile phishing attempts.
  • Gain control and manage personal data accessed by mobile: Beyond visibility, CISOs need to be able to take immediate action to mitigate potential risks to corporate data. The Lookout Mobile Endpoint Security solution gives admins control across the entire spectrum of mobile risk through custom notification and remediation policies. For example, Lookout Mobile Endpoint Security seamlessly integrates with multiple EMM providers to allow CISOs to establish risk-based conditional access policies to ensure sensitive data stays secure.
  • Accelerate the notification process if there has been a corporate breach: Under the GDPR requirements, if PII data is compromised, the CISO will need to notify the Data Protection Officer as soon as possible with relevant details regarding the breach. Lookout Mobile Endpoint Security provides timely notifications to administrators when data may be maliciously exfiltrated or accidentally leaked from a mobile device, arming administrators with detailed information about the identified issue within the Lookout console to enable notification to the supervisory authority without undue delay.
  • Protect employee data with a solution that adheres to Privacy by Design Principles: As CISOs consider their current and future solution providers, they will need to select organizations that fit within their compliance strategy as it relates to GDPR regulations. Lookout adheres to data minimization and purposeful data collection principles and has robust privacy controls, including the ability to restrict collection of any PII data associated with users or devices under management, as well as limit end user information presented to administrators of the Lookout solution.

To read the full "Finding GDPR Noncompliance in a Mobile First World" report, including visual representations of the survey data, visit www.lookout.com/info/wp-gdpr-lp. To take the Lookout Mobile Risk Assessment, visit lookout.com/mra. To learn more about Lookout Mobile Endpoint Security, visit https://www.lookout.com/products/mobile-endpoint-security.

(1) Gartner, Revisit Your Enterprise Mobility Management Practices to Prepare for EU GDPR, Manjunath Bhat, Bart Willemsen, 9 May 2017

About Lookout
Lookout is a cybersecurity company for a world run by apps. Powered by the largest dataset of mobile code in existence, Lookout is the security platform of record for mobile device integrity and data access. Lookout is trusted by hundreds of millions of individuals, hundreds of enterprises and government agencies, and such ecosystem partners as AT&T, Deutsche Telekom and Microsoft. Headquartered in San Francisco, Lookout has offices in Amsterdam, Boston, London, Sydney, Tokyo, Toronto and Washington, D.C. To learn more, visit www.lookout.com and follow Lookout on its blog, LinkedIn, and Twitter.

Data Methodology
An online survey was conducted to a panel of potential U.S. and U.K respondents. The recruitment period was September 5, 2017 to September 15, 2017. A total of 2062 respondents completed the survey (excluding terminates and abandonments). All respondents were 18 years of age or older, employed full time at a company with 1,000 employees or more, and work for a company that has employees and/or customers/partners in the European Union (this excludes the UK; If only customers/partners, the company must store their personal data). 1,000 of the respondents were a decision maker or involved in decision making process as related to IT security, and had a title level above intern, entry level, analyst/associate. The sample was provided by Market Cube, a research panel company. All were invited to take the survey via an email invitation. The margin of error was 3.1%.

 

View original content:http://www.prnewswire.com/news-releases/lookout-report-84-of-it-executives-expect-data-accessed-on-mobile-to-cause-gdpr-violations-300555381.html

SOURCE Lookout

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
With tough new regulations coming to Europe on data privacy in May 2018, Calligo will explain why in reality the effect is global and transforms how you consider critical data. EU GDPR fundamentally rewrites the rules for cloud, Big Data and IoT. In his session at 21st Cloud Expo, Adam Ryan, Vice President and General Manager EMEA at Calligo, examined the regulations and provided insight on how it affects technology, challenges the established rules and will usher in new levels of diligence arou...
To get the most out of their data, successful companies are not focusing on queries and data lakes, they are actively integrating analytics into their operations with a data-first application development approach. Real-time adjustments to improve revenues, reduce costs, or mitigate risk rely on applications that minimize latency on a variety of data sources. In his session at @BigDataExpo, Jack Norris, Senior Vice President, Data and Applications at MapR Technologies, reviewed best practices t...
In his general session at 21st Cloud Expo, Greg Dumas, Calligo’s Vice President and G.M. of US operations, discussed the new Global Data Protection Regulation and how Calligo can help business stay compliant in digitally globalized world. Greg Dumas is Calligo's Vice President and G.M. of US operations. Calligo is an established service provider that provides an innovative platform for trusted cloud solutions. Calligo’s customers are typically most concerned about GDPR compliance, application p...
Mobile device usage has increased exponentially during the past several years, as consumers rely on handhelds for everything from news and weather to banking and purchases. What can we expect in the next few years? The way in which we interact with our devices will fundamentally change, as businesses leverage Artificial Intelligence. We already see this taking shape as businesses leverage AI for cost savings and customer responsiveness. This trend will continue, as AI is used for more sophistica...
In his Opening Keynote at 21st Cloud Expo, John Considine, General Manager of IBM Cloud Infrastructure, led attendees through the exciting evolution of the cloud. He looked at this major disruption from the perspective of technology, business models, and what this means for enterprises of all sizes. John Considine is General Manager of Cloud Infrastructure Services at IBM. In that role he is responsible for leading IBM’s public cloud infrastructure including strategy, development, and offering m...
Smart cities have the potential to change our lives at so many levels for citizens: less pollution, reduced parking obstacles, better health, education and more energy savings. Real-time data streaming and the Internet of Things (IoT) possess the power to turn this vision into a reality. However, most organizations today are building their data infrastructure to focus solely on addressing immediate business needs vs. a platform capable of quickly adapting emerging technologies to address future ...
"Evatronix provides design services to companies that need to integrate the IoT technology in their products but they don't necessarily have the expertise, knowledge and design team to do so," explained Adam Morawiec, VP of Business Development at Evatronix, in this SYS-CON.tv interview at @ThingsExpo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
In his session at 21st Cloud Expo, Raju Shreewastava, founder of Big Data Trunk, provided a fun and simple way to introduce Machine Leaning to anyone and everyone. He solved a machine learning problem and demonstrated an easy way to be able to do machine learning without even coding. Raju Shreewastava is the founder of Big Data Trunk (www.BigDataTrunk.com), a Big Data Training and consulting firm with offices in the United States. He previously led the data warehouse/business intelligence and B...
Most technology leaders, contemporary and from the hardware era, are reshaping their businesses to do software. They hope to capture value from emerging technologies such as IoT, SDN, and AI. Ultimately, irrespective of the vertical, it is about deriving value from independent software applications participating in an ecosystem as one comprehensive solution. In his session at @ThingsExpo, Kausik Sridhar, founder and CTO of Pulzze Systems, discussed how given the magnitude of today's application ...
DevOps promotes continuous improvement through a culture of collaboration. But in real terms, how do you: Integrate activities across diverse teams and services? Make objective decisions with system-wide visibility? Use feedback loops to enable learning and improvement? With technology insights and real-world examples, in his general session at @DevOpsSummit, at 21st Cloud Expo, Andi Mann, Chief Technology Advocate at Splunk, explored how leading organizations use data-driven DevOps to clos...
The 22nd International Cloud Expo | 1st DXWorld Expo has announced that its Call for Papers is open. Cloud Expo | DXWorld Expo, to be held June 5-7, 2018, at the Javits Center in New York, NY, brings together Cloud Computing, Digital Transformation, Big Data, Internet of Things, DevOps, Machine Learning and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding busin...
Nordstrom is transforming the way that they do business and the cloud is the key to enabling speed and hyper personalized customer experiences. In his session at 21st Cloud Expo, Ken Schow, VP of Engineering at Nordstrom, discussed some of the key learnings and common pitfalls of large enterprises moving to the cloud. This includes strategies around choosing a cloud provider(s), architecture, and lessons learned. In addition, he covered some of the best practices for structured team migration an...
Recently, REAN Cloud built a digital concierge for a North Carolina hospital that had observed that most patient call button questions were repetitive. In addition, the paper-based process used to measure patient health metrics was laborious, not in real-time and sometimes error-prone. In their session at 21st Cloud Expo, Sean Finnerty, Executive Director, Practice Lead, Health Care & Life Science at REAN Cloud, and Dr. S.P.T. Krishnan, Principal Architect at REAN Cloud, discussed how they built...
The “Digital Era” is forcing us to engage with new methods to build, operate and maintain applications. This transformation also implies an evolution to more and more intelligent applications to better engage with the customers, while creating significant market differentiators. In both cases, the cloud has become a key enabler to embrace this digital revolution. So, moving to the cloud is no longer the question; the new questions are HOW and WHEN. To make this equation even more complex, most ...
As you move to the cloud, your network should be efficient, secure, and easy to manage. An enterprise adopting a hybrid or public cloud needs systems and tools that provide: Agility: ability to deliver applications and services faster, even in complex hybrid environments Easier manageability: enable reliable connectivity with complete oversight as the data center network evolves Greater efficiency: eliminate wasted effort while reducing errors and optimize asset utilization Security: imple...