Despite the fact that usage of workplace smartphones is constantly on the rise, only 21 percent of American businesses are using multifactor authentication to verify a user’s identity when granting access to critical enterprise applications and data, according to a survey conducted by systems integrator Champion Solutions Group and published by Computer World.

The survey, which included 447 businesses of different sizes, revealed that 53% did not implement a formal BYOD (bring your own device) security policy. More than a quarter of respondents confessed they had no systematic security approach.

Multifactor authentication, such as SkypeShield’s Two Factor Authentication (TFA), covers a wide category of techniques to require two or more methods of authentication from independent categories of credentials when a person logs in from a device. The deployment of TFA for non-Web applications, such as Skype for Business, is even smaller as these types of applications are not covered by generic TFA solutions offered by the market.

“Mobile security best practices have been promulgated by analysts and security firms for more than a decade to protect sensitive corporate data, but there is apparently widespread variation about how companies implement security for BYOD workers,” said Champion CEO Chris Pyle.

“A growing need exists for more stringent application of security policies and procedures in modern businesses,” Champion wrote in an 18-page white paper describing the survey’s findings.