A recent survey conducted by Litéra, a leading provider of productivity and risk mitigation solutions for legal and corporate markets worldwide, "Mobile Device Usage and Document Security," indicates that of the 96% of business professionals who are using mobile devices to store, access and send sensitive material, the majority are doing so without email encryption or metadata removal. If messages are not cleaned before they are sent, critical data within them can be revealed. It is evident that companies are beginning to recognize the significant impact of this security risk, as one-third of the IT respondents say they now have server-based metadata scrubbing tools.
The 22-question, web-based survey, conducted in early 2012, polled 303 mobile device users (two-thirds of whom work in IT) across multiple industries — including life sciences, financial services and professional services — with the majority of the respondents working in the legal sector. Some of the questions were posed specifically for and answered only by the IT participants.
The questions were grouped into categories: General, Mobile Devices Used, How Mobile Devices Are Used for Access to Business Email and Business Documents. The survey also examined the views and systems in place for reducing risk from both disclosure of information via document metadata and email encryption.
Metadata is defined most simply as "data about data." This hidden information located within most documents can include author and reviewer names, document revisions, comments, distribution of the document and total editing time. Metadata often includes client and firm confidential information that can be revealed through repurposing, tracked changes and, more recently, messages forwarded from a mobile device.
The survey revealed the extent to which mobile devices have expanded the reach of the office. Nearly all of the respondents said they use their devices to access business email messages every day and 89% store business documents on their mobile devices. The risk of metadata leaking occurs when these documents are sent as attachments. Nearly 86% of those polled forward email with document attachments at least once a month (30% said they do so multiple times each working day). Additionally, a third of professionals have access to their organizations' document management systems from their mobile devices.
Respondents report using a variety of mobile devices, including iPhones, Androids, and Blackberry smartphones, as well as tablets, such as the iPad. While the review and editing of documents is done on smartphones, tablets are generally preferred for these tasks. Though just one fifth of the respondents said they currently use iPads, Apple tablet usage is predicted to increase by about 40% in the coming year. With this trend, along with the popularity of other tablets, out-of-the-office business activity involving the review and editing of documents that might contain sensitive material, including metadata, will continue to grow.
The survey's IT respondents said they were aware of the need for document security at the granular level and had taken steps to address the issue. Over a third acknowledged the high risk of sensitive information leaking via document metadata, and therefore, 92% have a metadata scrubbing solution in place. However, only 32% have a server-based metadata cleaning solution, which scrubs email attachments sent from mobile devices.
Most of the IT respondents also saw a need for email encryption, as 47% deemed encryption a high priority, 42% a medium concern and just 11% considered it of little importance. However, only 16% of the respondents encrypt all their email, while 75% encrypt some messages. More than half of the respondents use a server-based encryption solution, 31% a desktop solution and 13% a cloud-based solution.
CATHY BRODE is the director of Corporate Markets at Litéra Corp. and has over 20 years of experience in server-based document and content processing, particularly around document security.