A survey of 500 IT professionals has revealed that over a third were to be personally compromised if they were to lose their mobile device.
The survey, carried out at IP Expo by ESET, found that 39 per cent said that if they were to lose their phone, some of the photos and information they have stored on the device could compromise them. Also, 46 per cent of respondents admitted that if they were to lose their phone with work information on it, and it was subsequently hacked, it could jeopardise or compromise their company.
Mark James, security specialist at ESET, said: “The recent news around celebrity phones being hacked and their images being stolen and posted online should act as a warning. Mobile phones are a very attractive target for cyber criminals as they hold so much information.
“My advice to mobile phone users is to be very cautious with what content you have stored on your device. If you have something on your phone which, if fallen into the wrong hands could compromise you either personally or professionally, delete it, or make sure security on the device is a priority, not an afterthought.”
Thomas Labarthe, managing director Europe at Lookout, said: “The security of mobile devices depends heavily on end-user adoption and so businesses must be mindful to balance employee privacy concerns with corporate data protection needs when implementing security policies and solutions.
“Employee education can go a long way towards minimising their concerns, as can the implementation of security solutions that offer employees immediate value and transparency around administrative controls.
“Overall, IT managers should be taking the perspective that companies are made up of consumers. These people all have the potential to move proprietary information into the wrong hands, and so they need to be protected like consumers. Make sure everyone has a passcode on their phone. Teach employees about app safety: not all marketplaces are made the same. Create a company policy around using security applications that allow you to wipe, track, and secure phones without getting in the user’s way.”
The survey also found that despite most respondents admitting to storing compromising data on their mobile, 22 per cent do not have a facility to remote wipe their device.
Rob Bamforth, principal analyst for business communications at Quocirca, told IT Security Guru that there are plenty of products that can offer a remote wipe, but of course there is also the growing challenge of BYOD and who wipes whose data.
“IT professionals are no different from the rest, and to be honest it’s not the tools that aren’t up to the job (plenty of them are), but the basics of good mobile IT hygiene are being ignored by most people, or the tools that are available are not being used,” he said.
“The problem is too many people still have a mental image of ‘it’s just a phone’, despite what they do with their mobile device – remembering that it has more computing power and memory than desktops of only a few years ago and treating it with a bit more care would go a long way.”
Mobile analyst Alan Goode told IT Security Guru that remote wipe products often come under the anti-theft banner, and is provided by the mobile OS itself.
“The remote wipe features can also be triggered automatically by actions associated with a theft – multiple failed logins and SIM removal, although this has to be carefully implemented as you don’t want to delete a phone’s contents by the actions of its owner,” he said.
“This is gaining ground in some states in the US (NY and CA) where it is becoming part of state law and supported by the main mobile platforms.”
He disagreed that a remote wipe is the only deterrent, as particularly for the enterprise, the use of strong authentication linked to full-device encryption (available on latest versions of Android and iOS) are also part of the tools that can be deployed.
He said: “A lot of enterprise mobile solutions (MDM and Secure Container) will not store a lot of sensitive data on the device itself and there is also a move towards mobile virtual machine solutions from vendors like VMWare.
“There is also a weakness on solely relying on remote wipe as there is a period of time between losing the device and then getting to another computer to access your remote wipe service. In that time all of your data could be siphoned off.”