Brits Fail Mobile Password Protection Test

The majority of Brits are failing to protect a device that contains lots of valuable data – their mobile phone.

A new survey from security vendor Sophos has highlighted the lax security attitudes the British have towards their mobile phones.

The survey of 1,075 people in the UK was conducted by TNS Omnibus in March this year. It revealed that almost a quarter of them (22 percent) have at some stage lost a mobile phone. Indeed, a further 12 percent admitted that they have had their mobile phone stolen.

But worryingly, despite these risks, the vast majority (67 percent) do not take the simple precaution of password protecting their mobile pride and joy.

Password Discipline

The survey also revealed that 60 percent acknowledged that theft or loss is the biggest security threat to mobile devices. However, only 57 percent have taken the effort to use password protection, even on their laptops – and 18 percent admitted to using the same password for everything.

It is worth pointing out that this is not just a consumer issue. Businesses are also being impacted by staff losing their mobile devices or company laptops.

Sophos announced that in an effort to help businesses educate their staff on the threats associated with mobile technology, it has launched a free mobile security toolkit containing “top tips for users for creating secure passcodes, a YouTube video and presentation, whitepapers and a sample security policy.”

Productivity Without Security?

“More and more people are using personal laptops, smartphones and tablets when they’re working remotely. While this helps to improve productivity and innovation in a business, it is essential to address the security and operational issues relating to mobile devices now, rather than getting caught out later,” said James Lyne, director of technology strategy at Sophos.

“If an employee’s unprotected personal laptop falls into the wrong hands, it can be easy for someone to access, not just personal information, but any work related documents saved on the laptop’s hard drive, or even to use the laptop as a way to gain access to the corporate network,” he added.

“Most data breaches on mobile devices are typically due to basic security failures such as weak or no passwords being in place, failure to encrypt data or falling victim to phishing or other social engineering attacks,” Lyne added. “If devices are used for business, it’s important that IT teams get the basics under control. By making sure that they can purge devices when they go missing, businesses can both minimise the risk of data loss and can also satisfy regulators.”

Careless Staff

The survey does raise some valid points about the security risk posed by incorporating people’s mobile devices into a corporate business.

Staff do have the unfortunate habit of losing their devices or having them stolen. Even Sophos staff. According to Carole Theriault on the Sophos Naked Security blog, she lost her mobile phone a staggering four times last year.

“Thank God my devices were all encrypted and can be remotely wiped of data,” she wrote. “Maybe because I lose stuff all the time, I was rather shocked that a whopping 70 percent of mobile phone users apparently don’t password protect their phones.”

Mobile Dependency

The problem of our increasing dependence on mobile devices, which in turn poses big security issues around sensitive data losses, has been highlighted previously.

Another recent survey of smartphone apps by ViaForensics, for example, found that many mobile applications are storing sensitive user account information unencrypted on the mobile device.

Back in May a report from McAfee and Carnegie Mellon University revealed that one in three employees kept sensitive work-related information on their mobile devices. That survey also found that even though 95 percent of companies have mobile-security policies in place to protect enterprise data, two-thirds of employees were not aware of their organisations’ policies.

In an effort to combat this, Sophos in May enhanced its security portfolio to provide “complete protection” for all endpoints, including mobile devices, desktops and laptops, regardless of where the user is.