Report: Most Feds Break Smartphone Security Rules

Despite agency policies, many federal employees download unauthorized apps and connect personal devices to agency networks.

“Despite the fact that over half of government agencies are experiencing security events via the mobile device, many are still ill-equipped to handle these incidents,” said Lookout researchers. They attributed the lack of preparedness to employees not following cybersecurity rules and agencies not fully understanding how to combat current mobile cyber threats.

In addition to employees failing to follow best practices when it comes to keeping mobile devices secure, researchers also found cybersecurity guidelines are inconsistent across government.

Roughly half of federal agencies bar employees from downloading unapproved apps on work devices, and only 54 percent require people to lock those devices with a PIN or passcode. Furthermore, only 35 percent of agencies prohibit employees from connecting work devices to non-government WiFi, and just 51 percent call on employees to update the software on their devices in a timely manner.

Feds have begun revisiting policies for mobile devices in recent months amid a handful of high-profile security incidents. In January, the Trump administration banned all personal electronics from the White House citing security concerns, and Defense Secretary James Mattis is reportedly considering prohibiting people from bringing cell phones into the Pentagon in the wake of the Strava data dump.