It’s easy to put security responsibilities solely on the shoulders of IT. After all, they’re the ones who get paid to understand different technologies and the networks they run on.

But the truth is, IT can only do so much when it comes to mobile security. If IT goes overboard and ramps up security measures too much, employee productivity suffers. On the other hand, not implementing strict security standards leaves a significant amount of security responsibilities in the hands of employees — and that’s often a scary thought.

Why? Because employees may be the weakest link when it comes to mobile security.

What Can Happen to Company Data in Employees’ Hands?

The risk of a leak of confidential company information by employees, either intentionally or accidentally, is very real. According to a Webroot survey, 60 percent of those using a mobile device for business have either no security measures or only default features set on the phone. A lost or misplaced mobile device without a password or PIN makes it effortless for anyone who finds it to gain access to confidential company information stored on the device.

And if you think most people won’t stoop to snooping, you might be surprised. In a study by Symantec, not only were 96 percent of lost mobile devices accessed when found, but 83 percent of the time, finders accessed corporate-related apps and information. That’s a pretty disconcerting statistic.

The Real Cost of Lost or Stolen Devices

Naturally, there’s a hard cost to replacing a lost or stolen device. But often this cost isn’t as significant as other associated costs. Imagine for instance, that an employee loses their phone at an industry conference. The chances of the device falling into a competitor’s hands who’s also attending the conference are high. Now, IT must spend time and valuable resources to try to wipe the phone’s data before it’s too late.

Even more costly, though, is the chance of critical business information being leaked, such as a new product launch, details on an agreement with a key partner or other confidential information. With this kind of information in the wrong hands, your company could suffer a loss of competitive advantage or harm to its brand and reputation. You can’t even begin to put a price tag on these types of impacts.

Employees Look for the Easy Button

The reality is that employees often don’t want the hassle of mobile security responsibilities. In fact, according to CIO, 25 percent of employees who leak or lose corporate data say it’s not their problem.

Apathetic employees are careless about internal mobile security practices, looking for the easiest — rather than the most secure — way to get things done. Confidential emails may be sent through personal email accounts. Employees don’t bother to set up passwords. And while there may be rules about the management of confidential files and documents or the use of multifactor authentication, there’s no good way for IT to enforce these policies. So employees ignore them and work in whichever way is most productive and convenient.

Most of the time, these mobile security issues go unnoticed. But all it takes is one serious incident to create real damage.

What’s the Solution?

Before you throw up your hands in defeat, there is good news. You may never be able to get employees to behave exactly the way you want when it comes to mobile security responsibilities (or anything else). But, you can still protect against data leakage and enable employee productivity.

Here are four key steps that businesses of any size should be looking at to better secure employee mobile devices:

1. Review Your Mobile Security Policy: Most businesses today have some form of mobile security policy in place, but we also know that many employees ignore policies that are overly restrictive and find workarounds. It’s essential you review your policies, and ensure they align with the realities of how mobile devices are used by employees in the field.

2. Take Advantage of Biometrics: Requiring strong two-factor authentication is a key way to keep employee devices safe. In combination with a password, biometric authentication methods such as fingerprint and iris scanning are quick and easy for employees.

3. Prioritize UX: Implement solutions that are designed for security without adversely impacting the user experience or productivity. For example, Samsung Knox Workspace isolates business data and applications from personal ones, so IT knows critical information is secure and managed. It provides data loss prevention measures that don’t limit employees’ personal use of their devices.

4. Communicate: Once you have an effective policy and the right technology in place, make sure you communicate clearly and regularly to ensure employees understand their mobile security rights and responsibilities.

At the end of the day, employees are only human. It’s human nature to take shortcuts or misplace an item — including a mobile device. It’s everyone’s responsibility to protect company data and ensure that employees get security right while getting their job done.

To further protect against data leaks without sacrificing productivity, take a look at these five tips for raising security awareness in your workplace.