You are in:
- Back Issues » 2005 » December
Turning a blind eye to security
IT professionals turn blind eye to mobile security as survey reveals sloppy handheld habits
A third of professionals using mobile devices such as PDAs and smartphones don't use passwords or any other security protection and yet three out of ten of these sloppy handheld happy users store their PIN numbers,passwords and other corporate information on them. That's according to today's results taken from The Mobile Usage Survey 2005,conducted for the fourth year by Pointsec Mobile Technologies and SC Magazine.The results are even more staggering considering the survey was conducted amongst IT professionals who are "hopefully" more security savvy than the average employee.
According to the survey, corporate personnel now store huge amounts of corporate data on their mobile devices,including customer contacts,email details,passwords and bank account details as well as personal and private information such as friend's details,personal images and even PIN numbers, without giving much consideration to security.
As a result, a lost PDA or Smartphone with no protection makes easy pickings for common thieves, opportunists, hackers or competitors and could enable them to steal your identity and get at your corporate information.This could have a huge impact on customer confidence, cause an organisation to breach the data protection act or do untold damage to a company's reputation.On a personal level,it could expose you to fraud,embarrass your friends or wreck your personal life, the survey revealed.
Since the survey was first introduced 4 years ago, awareness of the risks of storing unencrypted data on a handheld is still surprisingly low and needs to be improved to prevent security breaches.Seventy eight percent of users do not encrypt the information on their PDA or Smartphone even though sensitive personal and valuable corporate information is being stored on these devices with 81% using them to store business names and addresses,45% to receive and view emails and 27% store corporate information.
Fifty nine percent also use their devices as abusiness diary and 14% use them to store information on their customers.
Growing loss
According to the survey more people than ever before are losing their mobile devices,last year just 16% had lost one,this year it has increased to 22% and of those that did lose their device 81% had not encrypted their information and admitted that they were worried that the information could fall into the wrong hands and not only cause a security risk as corporate and private data could be lost,but also embarrassment as friends and colleagues could be contacted by a total stranger.
Many were concerned that losing their device would cost them money and that they would lose "everything" as they hadn't backed-up their information.Others were saddened that when they lost their mobile device they had also lost photos and video clips which had not been backed up.One interviewee lost his Smartphone by "throwing the bloody thing out the window" - clearly an overworked IT Director!
Travelling with your mobile device still appears to be the most likely way to lose it,with the majority of them not being stolen,but forgotten in the back of a taxi, or left in an airport or on the train.Having one too many drinks in a nightclub or relaxing in a restaurant can also be dangerous as they are the next most common place to lose a device.
When people do lose their mobile device only 40% inform the Police as the rest don't believe there is anything the Police can do or it costs more to report it than to replace it.
Martin Allen - Managing Director of Pointsec said,"Handheld devices are now firmly entrenched in our corporate and personal lives and most of us wouldn't be able to function without them,however,with so much information stored on them it's essential to secure them.We believe this survey shows just the tip of the iceberg as it has been conducted amongst IT professionals who are far more security savvy than most other handheld device users.Our advice is secure it,or don't use it!"
The most common functions for the PDA and Smartphone are to store:
1. Personal names and addresses - 86%
2. Business names and addresses 81%
3.Telephone 71%
4. Business diary 59%
5. Personal diary 55%
6. Receive and view emails 45%
7. Entertainment - games, music etc 37%
8. Passwords/PIN numbers 37%
9. Personal images (photographs) 33%
10. Corporate information 27%
11. Bank account details 15%
Rene Millman,Online and UK News Editor for SC Magazine said,"I can't believe that so many people wouldn't think to secure data on their PDA's. If you have a mobile device with sensitive data,it has to be secure.We have seen too many incidents where PDA's go missing or stolen only for hackers to use information stored on the device to break into networks or steal money."
The Mobile Usage Survey 2005 was conducted among 73 IT managers,with 34% coming from companies employing over 1,000 employees.
