IT professionals neglect security on mobile devices
15 January 2006
A third of professionals using mobile devices such as PDAs and
smartphones don't use passwords or any other security protection and yet
three out of ten of these users store their PIN numbers, passwords and other
corporate information on them. That's according to The Mobile Usage Survey
2005, conducted for the fourth year by Pointsec Mobile Technologies and SC
Magazine. The results are even more staggering considering the survey was
conducted amongst IT professionals, who should be more knowledgeable about
security than the average employee.
The results are also significant for the health and social care sectors
as many professionals, from clinicians to social workers, are starting to
use PDAs, tablet PCs, laptops and other devices for communications and to
access patient information.
According to the survey, corporate personnel now store huge amounts of
corporate data on their mobile devices, including customer contacts, email
details, passwords and bank account details as well as personal and private
information such as friend's details, personal images and even PIN numbers,
without giving much consideration to security.
As a result, a lost PDA or Smartphone with no protection makes easy
pickings for common thieves, opportunists, hackers or competitors and could
enable them to steal your identity and get at your corporate information.
This could have a huge impact on customer confidence, cause an organisation
to breach the data protection act or do untold damage to a company's
reputation. On a personal level, it could expose you to fraud, embarrass
your friends or wreck your personal life, the survey revealed.
Since the survey was first introduced four years ago, awareness of the
risks of storing unencrypted data on a handheld is still surprisingly low
and needs to be improved to prevent security breaches. Seventy eight percent
of users do not encrypt the information on their PDA or smartphone even
though sensitive personal and valuable corporate information is being stored
on these devices, with 81% using them to store business names and addresses,
45% to receive and view emails and 27% store corporate information. Fifty
nine percent also use their devices as a business diary and 14% use them to
store information on their customers.
According to the survey, more people than ever are losing their mobile
devices. Last year just 16% had lost one, this year it has increased to 22%.
Of those that did lose their device, 81% had not encrypted their information
and admitted that they were worried that the information could fall into the
wrong hands and not only cause a security risk as corporate and private data
could be lost, but also embarrassment as friends and colleagues could be
contacted by a total stranger.
Many were concerned that losing their device would cost them money and
that they would lose "everything" as they hadn't backed-up their
information. Others were saddened that when they lost their mobile device
they had also lost photos and video clips which had not been backed up. One
interviewee lost his smartphone by "throwing the bloody thing out the
Travelling with your mobile device still appears to be the most likely
way to lose it, with the majority of them not being stolen, but forgotten in
the back of a taxi, or left in an airport or on the train. Having one too
many drinks in a nightclub or relaxing in a restaurant can also be
dangerous, as they are the next most common place to lose a device.
When people do lose their mobile device only 40% inform the police as the
rest don't believe there is anything the police can do or it costs more to
report it than to replace it.
Martin Allen, Managing Director of Pointsec said, "Handheld devices are
now firmly entrenched in our corporate and personal lives and most of us
wouldn't be able to function without them. However, with so much information
stored on them it's essential to secure them. We believe this survey shows
just the tip of the iceberg as it has been conducted amongst IT
professionals who are far more security savvy than most other handheld
device users. Our advice is secure it, or don't use it!"
The most common functions for the PDA and Smartphone are to store:
- Personal names and addresses: 86%
- Business names and addresses: 81%
- Telephone: 71%
- Business diary: 59%
- Personal diary: 55%
- Receive and view emails: 45%
- Entertainment - games, music etc: 37%
- Passwords/PIN numbers: 37%
- Personal images (photographs): 33%
- Corporate information: 27%
- Bank account details: 15%
Rene Millman, Online and UK News Editor for SC Magazine said: "I can't
believe that so many people wouldn't think to secure data on their PDA's. If
you have a mobile device with sensitive data, it has to be secure. We have
seen too many incidents where PDA's go missing or stolen only for hackers to
use information stored on the device to break into networks or steal money."
The Mobile Usage Survey 2005 was conducted among 73 IT managers, with 34%
coming from companies employing over 1,000 employees.