Sophos reveals lax mobile device password use
67% of mobile users polled do not have passwords on mobile phones
Sixty-seven percent of mobile phone users do not have passwords on their devices; according to a study commissioned by IT security and data protection firm Sophos.
The study, conducted by TNS also revealed that 22% of customers polled have lost a mobile phone in the past, and 12% have had a phone stolen.
Fifty-seven percent of respondents have password protection on their mobile devices and laptops, but 18% of those admitted using the same password for everything.
Sixty percent of those surveyed agreed that device theft or loss was the biggest security threat to mobile devices.
Lost mobile devices are also a growing concern for businesses, since employees are using them more and more for work.
According to Sophos, users are one of the biggest weak spots in an organisation's security, making employee education about online threats a key focus for IT managers.
Sophos has launched a free mobile security toolkit containing top tips for users for creating secure passcodes, a user-targeted video and presentation, whitepapers and a sample security policy.
"More and more people are using personal laptops, smartphones and tablets when they're working remotely. While this helps to improve productivity and innovation in a business, it is essential to address the security and operational issues relating to mobile devices now, rather than getting caught out later," said James Lyne, director of technology strategy at Sophos. "If an employee's unprotected personal laptop falls into the wrong hands, it can be easy for someone to access, not just personal information, but any work related documents saved on the laptop's hard drive, or even to use the laptop as a way to gain access to the corporate network."
In order to manage the increased risk of data loss that an increase in mobile devices in the workplace brings, Sophos says that companies should adopt wide platform support to cover the range of operating systems that are used to access corporate information.
Businesses must ensure a policy is in place to protect corporate data no matter what operating system or device is used to access it.
"Most data breaches on mobile devices are typically due to basic security failures such as weak or no passwords being in place, failure to encrypt data or falling victim to phishing or other social engineering attacks," said Lyne. "If devices are used for business, it's important that IT teams get the basics under control. By making sure that they can purge devices when they go missing, businesses can both minimise the risk of data loss and can also satisfy regulators."
The Sophos mobile tool kit can be found on the Sophos website.
648 days ago
Not at all surprised; the reflected figures are still very low, rather figures should jump to 80% not having mobile password. Good education for the mobile users and an awakening for the enterprise.