'Troubling disconnect' between mobile security threats and protections in place

Even as nearly everyone is using smartphones and tablets for critical information, few organizations have taken steps to keep the devices safe from cyber threats, according to a new survey from the Polytechnic Institute of New York University and AT&T.

[See also: Smartphones gain appeal with more docs]

A full 90 percent of respondents allowed employees to access work email via mobile devices, and 41 percent say they allow their employees to access important files via mobile devices, according to the study.

But just 65 percent reported that information and data security of wireless devices was a concern – even as 91 percent of respondents said they were concerned about computer and online data security. Fewer than one-third (29 percent) have installed anti-virus software on smartphones.

[See also: Tablet adoption by docs soars]

The survey found that 82 percent of small businesses have taken steps to secure company laptops. Meanwhile, just 32 percent are taking measures to protect smartphones, and 39 percent to protect tablets. Of those not taking security steps, fewer than half (42 percent) have plans to increase security.

"There is a troubling disconnect between business owners who want to keep data safe and the necessary steps to protect it," said Ed Amoroso, chief security officer at AT&T. "With more employees using mobile devices, especially personal devices, business data is increasingly vulnerable to cyber threats. Protecting critical information can be easy and affordable, and small businesses need to recognize the reality of today's environment – this is a step they can't afford to ignore."

Nearly four in 10 respondents (37 percent) reported being the victim of a security breach, such as a virus, mobile malware or phishing, with 21 percent being victimized within the last two years. 

It's crucial for organizations to "understand their risk profile," said Nair Memon, Professor of Computer Science and Engineering and founding director of The Center for Interdisciplinary Studies in Security and Privacy (CRISSP) at NYU-Poly. "This means treating every device that touches your network, from laptops to smartphones, as vulnerabilities and ensuring that security is built into the equation at every level."