The employee is a great factor for both good and bad in mobile security. In a recent CSO survey, 28% of all mobile users use their mobile devices to access the Internet, and 86% of them admitted to having no mobile security. A careless or security-unconscious user can easily put an organization's confidential information at risk.

Lack of mobile user training and awareness is a major factor that contributes to many user errors and incidents. A less-trained user may not even know a procedure to handle security. In some cases, a mobile user may simply bypass any required configuration procedures in order to get a job done.

Employee education and awareness should become a valuable corporate culture. A well trained employee can help an organization to greatly minimize mobile security risks. [See also !] It is critical that all security policies should get buy-in from lines of business leadership, end users and support team across the organization.

Organizations should put employees in a driver seat for an effective security governance effort. They can become a most critical layer of security defense in any risk mitigation strategy.