Last week I delivered a webinar for the Association of Employment and Learning Providers on mobile learning when I talked about the benefits of mobile use, but more importantly also raised the awareness of the pros and cons of the growing BYOD, (bring your own device), trend which is making many employers nervous. Not surprising when you see the sums of money that some organisations have been fined for breaches of the UK’s Data Protection Act due to the use of mobile devices. It also wasn’t surprising that following the webinar there were many questions about mobile use and data security.
According to a recent survey by PWC, for the Department for Business Innovation and Skills, 87% of large organisations and 65% of small businesses now allow mobile devices to connect to their IT systems, with around 50% allowing staff to use their own mobile devices. Interestingly more small businesses, (29%), than large businesses, (23%), train staff in the threats associated with mobile devices, and only 8% of SMEs are using mobile device management software to manage the risks. In another survey it was found that many employees are unaware that their organisation could be fined £500k for the loss of personal data on their mobile devices. Just last year a survey of 798 IT practitioners found that only 19% said their organisations knew how much regulated data was on mobile devices. It’s not surprising then that the number of data security breaches is growing year on year, with 93% of large organisations having a security breach in 2012/13 and 87% of SMEs.
In 2012 the Royal Veterinary College was fined under the Data Protection Act for the theft of a member of staff’s camera memory card which contained images of job applicants. An additional reason for the fine was that the college had not included the use of personal devices in the workplace in their policies and procedures. The action required was to implement an induction and mandatory training, which included the use of personal devices.
In 2010 A4E, a large training provider, was fined £60,000 when an unencrypted laptop was stolen from a member of staff’s home. It was found that the organisation had inappropriate organisational and technical measures.
All this sounds very scary! Not surprising then that many employers and training organisations are shying away from embracing mobile technology and therefore mobile learning. As worrying, are those who are boldly embracing the use of mobile use without the awareness of the risks, the solutions for reducing them and a strategy in place for their use. So what is the answer? I believe it’s down to raising the awareness of the risks and what an organisation can reasonably implement within their own boundaries, financially and technically, to minimise those risks. In some cases the required action will just be a strategy and procedures for training staff and the acceptable use of mobile devices. Wouldn’t it be a great shame if the risks of using mobile devices are seen as too great for the large number of educational organisations and SMEs that could massively benefit from their use across their whole organisation.
Author: Carolyn Lewis, Managing Director of Elearning Marketplace Ltd and a learning technologist consultant.