Employee Apathy Puts Corporate Data in Jeopardy
London, UK – August 31, 2004 – Sloppy PDA habits are compromising customer confidentiality and putting companies’ reputations on the line, according to the findings of the Mobile Vulnerability Survey 2004, commissioned by Pointsec Mobile Technologies and Infosecurity Europe. Two thirds of PDAs are used to store client details and corporate information, but without adequate protection.
PDAs are now firmly entrenched as corporate communication tools, with almost half being used to receive and view corporate emails, and a third now doubling as a phone. The storage of the names and addresses of corporate customers is now common, yet despite the value of such information stored on these PDAs, a full two thirds of users do not use any kind of encryption to protect the data.
The survey findings show that one of the fastest and easiest ways to access corporate data is through unprotected PDAs that are lost or stolen, as they contain business names and addresses, spreadsheets and other corporate documents. The survey found that a third of users do not even use password protection on their devices, leaving the information vulnerable to opportunists, hackers or competitors. As a result, a lost PDA could have a huge impact on customer confidence and do untold damage to a company’s reputation, the survey revealed.
As well as using their PDAs to store company information, many users store valuable personal information such as PIN numbers, bank account details, social security numbers, credit card information and even lists of passwords, many of which can be accessed – ironically – without a password.
Although more companies than ever have introduced a specific mobile security policy – over 50% have a policy compared with 27% last year – very little has changed when it comes to enforcing the protection of data on mobile devices. For three years in a row, the number of people who are encrypting their data or using passwords to secure their PDAs has remained roughly static, in spite of the efforts of companies introducing mobile security policies.
Despite the large amount of valuable and sensitive customer and corporate information stored on mobile devices, 50% of companies do not inform the police of the loss of their devices, as they believe there is nothing they can do. Similarly, almost half fail to inform their insurance company about the loss of a device. This is because few companies insure their mobile devices, let alone the data that resides on them, the survey found.
Magnus Ahlberg, Managing Director of Pointsec Mobile Technologies, said: “Clearly companies are under-estimating, or are totally unaware of the amount of valuable information which is being stored on personal and business mobile devices. Our advice is that companies should ensure that they have a mobile security policy and that all data is protected by centrally managed encryption and password protection. To do this you have to take the responsibility away from the users and make it the companies’ sole responsibility. Mobile security need not be complicated; it is simply a matter of having a blanket approach by centrally administering all devices with encryption and password protection which users cannot get around – this provides the company with the insurance they need which is inexpensive to administer.”
Other findings of the survey show that:
* 13% of respondents have had the misfortune of losing their mobile device, with the most likely places to lose a mobile device being in a taxi (30%), car (20%), the home (20%), an airport (10%) or a restaurant (10%).
* It takes a user an average of 2 days to recover, reconfigure and re-enter data onto a new PDA if their previous device has been lost or stolen.
* Forty percent of users would not be issued with a new company mobile device in the event of the loss or theft of their PDA; while just 18% said that they would be reprimanded for losing their device. Only 10% believe that they should worry about the potential loss of their mobile device because it could result in the company inadvertently breaching the Data Protection Act.
The survey found that the top 10 functions PDAs are most commonly used for are:
1. To store personal names and addresses – 85%
2. To store business names and addresses – 76%
3. As a personal diary – 72%
4. As a business diary – 71%
5. To receive and view emails – 46%
6. As a telephone – 29%
7. To store corporate information – 29%
8. To create documents/spreadsheets – 28%
9. For entertainment – games/music etc – 28%
10. To store personal images and photographs – 24%
The Mobile Vulnerability Survey was conducted among 68 IT managers, with 38% coming from companies employing over 1,000 employees.
About Pointsec Mobile Technologies AB is a wholly owned subsidiary of Protect Data AB, publicly traded (PROT) on the Stockholm stock exchange. The company develops and markets access controlling and encrypting systems for stationary and portable computers, palmtop computers, smartphones, PDAs, etc. Pointsec Mobile Technologies has offices in Chicago, and Washington DC in the USA, Cambridge in the United Kingdom, D??sseldorf in Germany, Paris in France, and Stockholm, Falun, and Sundsvall in Sweden. Pointsec is a registered trademark of Pointsec Mobile Technologies. All other product or service names mentioned herein are the trademarks of their respective owners. Visit www.pointsec.com.
About Infosecurity Europe
Infosecurity Europe, running for its tenth year in 2005, is Europe’s largest information security event. Featuring over 300 exhibitors, and a comprehensive programme of free seminars and keynotes, Infosecurity Europe is the most important date in the calendar for information security professional across Europe.