IT professionals neglect security on mobile devices

15 January 2006

A third of professionals using mobile devices such as PDAs and smartphones don't use passwords or any other security protection and yet three out of ten of these users store their PIN numbers, passwords and other corporate information on them. That's according to The Mobile Usage Survey 2005, conducted for the fourth year by Pointsec Mobile Technologies and SC Magazine. The results are even more staggering considering the survey was conducted amongst IT professionals, who should be more knowledgeable about security than the average employee.

The results are also significant for the health and social care sectors as many professionals, from clinicians to social workers, are starting to use PDAs, tablet PCs, laptops and other devices for communications and to access patient information.

According to the survey, corporate personnel now store huge amounts of corporate data on their mobile devices, including customer contacts, email details, passwords and bank account details as well as personal and private information such as friend's details, personal images and even PIN numbers, without giving much consideration to security.

As a result, a lost PDA or Smartphone with no protection makes easy pickings for common thieves, opportunists, hackers or competitors and could enable them to steal your identity and get at your corporate information. This could have a huge impact on customer confidence, cause an organisation to breach the data protection act or do untold damage to a company's reputation. On a personal level, it could expose you to fraud, embarrass your friends or wreck your personal life, the survey revealed.

Since the survey was first introduced four years ago, awareness of the risks of storing unencrypted data on a handheld is still surprisingly low and needs to be improved to prevent security breaches. Seventy eight percent of users do not encrypt the information on their PDA or smartphone even though sensitive personal and valuable corporate information is being stored on these devices, with 81% using them to store business names and addresses, 45% to receive and view emails and 27% store corporate information. Fifty nine percent also use their devices as a business diary and 14% use them to store information on their customers.

According to the survey, more people than ever are losing their mobile devices. Last year just 16% had lost one, this year it has increased to 22%. Of those that did lose their device, 81% had not encrypted their information and admitted that they were worried that the information could fall into the wrong hands and not only cause a security risk as corporate and private data could be lost, but also embarrassment as friends and colleagues could be contacted by a total stranger.

Many were concerned that losing their device would cost them money and that they would lose "everything" as they hadn't backed-up their information. Others were saddened that when they lost their mobile device they had also lost photos and video clips which had not been backed up. One interviewee lost his smartphone by "throwing the bloody thing out the window".

Travelling with your mobile device still appears to be the most likely way to lose it, with the majority of them not being stolen, but forgotten in the back of a taxi, or left in an airport or on the train. Having one too many drinks in a nightclub or relaxing in a restaurant can also be dangerous, as they are the next most common place to lose a device.

When people do lose their mobile device only 40% inform the police as the rest don't believe there is anything the police can do or it costs more to report it than to replace it.

Martin Allen, Managing Director of Pointsec said, "Handheld devices are now firmly entrenched in our corporate and personal lives and most of us wouldn't be able to function without them. However, with so much information stored on them it's essential to secure them. We believe this survey shows just the tip of the iceberg as it has been conducted amongst IT professionals who are far more security savvy than most other handheld device users. Our advice is secure it, or don't use it!"

The most common functions for the PDA and Smartphone are to store:

1. Personal names and addresses: 86%
2. Business names and addresses: 81%
3. Telephone: 71%
4. Business diary: 59%
5. Personal diary: 55%
6. Receive and view emails: 45%
7. Entertainment - games, music etc: 37%
8. Passwords/PIN numbers: 37%
9. Personal images (photographs): 33%
10. Corporate information: 27%
11. Bank account details: 15%

Rene Millman, Online and UK News Editor for SC Magazine said: "I can't believe that so many people wouldn't think to secure data on their PDA's. If you have a mobile device with sensitive data, it has to be secure. We have seen too many incidents where PDA's go missing or stolen only for hackers to use information stored on the device to break into networks or steal money."

The Mobile Usage Survey 2005 was conducted among 73 IT managers, with 34% coming from companies employing over 1,000 employees.

To top