Experts at the University of Glasgow, looking at a sample of mobile phones returned by the employees from one Fortune 500 company, reported they were able to retrieve large amounts of sensitive corporate and personal information from the devices.
If the devices were to be lost by employees, such data could create potential security risks, inviting breaches on both an individual and corporate level, they said.
"This study indicates that relatively featureless mobile phones are putting organizations at significant potential risk," computer forensics researcher Brad Glisson said in a university release. "The amount of corporate information involved is potentially substantial considering that the study targeted low end phones.
The data recovered from 32 handsets in the study included a number of items that could potentially cause significant security risks and lead to the leakage of valuable intellectual property or expose the company to legal conflicts, the researchers said.
"The type of data stored on corporate mobile devices included corporate and personal information that is potentially putting both the company and the individual at risk," Glisson said.
"This exploratory case study clearly demonstrates the need for appropriate policies and guidelines governing use, security and investigation of these devices as part of an overall business model. This becomes even more apparent as businesses gravitate towards the cloud."