Small and midsized companies often don't have a clear view of the data held by their employees on their mobile devices, according to research from IT security company Kaspersky Lab.
This comes despite a growing acceptance of the trend towards 'bring your own device' (BYOD) in the workplace.
Figures from the research show that 60% of SMBs have only a basic understanding of what company data is stored on employees' devices. They defined the 'basic understanding' themselves.
In addition, only 35% of IT managers admitted to having strict enough rules in place to provide an accurate overview of company information on personal devices.
This is despite the fact that about a third of small businesses and a third of midsized businesses are actively allowing more employees to use their own devices at work.
A Kaspersky executive said this portrays a severe weakness for many SMBs.
"You only need to look at the statistics showing the number of devices lost or stolen each year to see why it is so important for SMBs to have an accurate overview of what company information employees have on personal devices," said David Emm, Senior Security Researcher, Kaspersky Lab.
"Only when clear BYOD rules are in place, can adequate steps be taken to build a robust security solution should a device be lost or stolen. To best protect data a policy should include file encryption, blocking access to the corporate network and, in the best case, wiping all data on the device."
Only 7% of small firms and 9% of midsized businesses said they prohibited BYOD.
The figures derive from research carried out for Kaspersky's Global IT Security Risks report by market research firm TNS Infrastest.