Risk
10/4/2011
00:26 AM
Ed Hansberry
Ed Hansberry
Commentary
Connect Directly
RSS
E-Mail
50%
50%

Most Consumers Don't Lock Mobile Phone Via PIN

44% of respondents say its's too much of a hassle, new survey reports.

People put a lot of sensitive info on their phones, but they often give little though to how secure their data is. In a survey by a security company, over half of the respondents said they didn't bother with a PIN lock. This takes on a whole new dimension when you begin to understand how many of these people keep corporate data on the device.

Losing an unlocked phone can be far worse than losing a wallet. Emails on the device alone can reveal a wealth of information about the person, including where they bank, where they live, names of family members, and more. If company email is on the device, and it often is, there can be competitive information, salaries, system passwords, etc. If any of those emails contain links, often clicking on it will take you into the website, be it Facebook or a corporate portal.

According to Confident Technologies, 65% of users have corporate data on their phone, even though only 10% actually have a corporate issued device.

For that majority that don't lock their phone at all, 44% said it is too much of a hassle to lock it and 30% said they weren't worried about security. These are likely the same people that store things like social security numbers, passwords, and other sensitive information in text files or basic note applications. They may even store their computer's password on a Post-It Note in their center desk drawer.

Ten years ago, locking the phone wasn't a huge deal. The only thing on it was call history, contacts, and maybe some text messages. Today, almost everyone has email on the device, and 77% have a social network set up, which often has enough personal information to make identity theft a fairly easy accomplishment. Around half have banking apps and 35% have online shopping or auction sites set up. If these people aren't PIN locking the phone, they certainly aren't logging out of these sites each time so that you have to re-key the password to get back in.

In conducting this survey, Confident Technologies is trying to show how people leave their devices wide open, and they do have a product to sell that is geared to make securing a device easier. That doesn't change the results of the survey though. If you have employees accessing company servers, you can enforce policies like requiring a PIN lock. Even if they aren't accessing emails though, there is a good bet they have a password list on the device, or they may have emailed themselves a few documents to have handy. It may be time for a bit of education in the importance of securing a device. Telling them it is against company policy to have corporate data on their personal device won't work anymore than would telling them they cannot take work home to finish up a project.

Whether using a security app from Confident Technologies, which involves image recognition, the built-in PIN lock, or something else, make sure your corporate data is safe.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jamescraig
50%
50%
jamescraig,
User Rank: Apprentice
4/30/2014 | 3:56:52 AM
Consumer Behavior
Consumer behavior is the key of the success of any business. The companies who care fore thye feedback about their machines and electronics can develop better products with the passage of time. 
herman_munster
50%
50%
herman_munster,
User Rank: Apprentice
1/24/2012 | 8:19:15 PM
re: Most Consumers Don't Lock Mobile Phone Via PIN
My co enforces a strict password policy on my phone. Sometimes when I get bored, I intentionally enter the password too many times causing the device to be wiped.

BigJohn11
50%
50%
BigJohn11,
User Rank: Apprentice
12/22/2011 | 1:02:59 AM
re: Most Consumers Don't Lock Mobile Phone Via PIN
David, the time out setting has been a capability for nearly 2 years. So most likely it's your IT team who has not set it to your liking. Options are Simple or complex passwords, require alpha numeric, min password length, min number of complex characters, passcode age, auto lock time 1-5 minutes or no auto lock, password history, grace period for device lock, and max number of failed attempts.
DavidMichael
50%
50%
DavidMichael,
User Rank: Apprentice
10/21/2011 | 3:19:17 PM
re: Most Consumers Don't Lock Mobile Phone Via PIN
I've just switched from a company provided Blackberry to company provided iPhone (both of which had required PIN's). On the Blackberry the PIN requirement only came on after a predefined timeout even on screen lock which is much more convinient than the iPhone which always requires the PIN. I like your suggestion here Duncan. Please take note Apple!
Denver IT Consulting
50%
50%
Denver IT Consulting,
User Rank: Apprentice
10/14/2011 | 10:51:41 PM
re: Most Consumers Don't Lock Mobile Phone Via PIN
This can end up being a nightmare situation for employees and even management staff that do not follow setting up their mobile devices for locking or at least some type of security measure whether it be remote via application or not. Getting authorized access to sensitive documents, emails and other data within the workplace can be easily prevented with measures like this.
Quazzi
50%
50%
Quazzi,
User Rank: Apprentice
10/8/2011 | 3:24:40 AM
re: Most Consumers Don't Lock Mobile Phone Via PIN
Keep in mind that there are applications available that can let you remotely disable and lock, and delete the phone content......assuming this functionality is activated at start-up!
Duncan Murtagh
50%
50%
Duncan Murtagh,
User Rank: Apprentice
10/5/2011 | 1:25:17 AM
re: Most Consumers Don't Lock Mobile Phone Via PIN
On the iPhone a simple solution would be to adjust the way the lock button at the top of the phone works. Right now one click locks the phone and the PIN lock kicks in after whatever number of minutes you've set it to. They could make 2 clicks of that lock bring on the PIN lock.
jrapoza
50%
50%
jrapoza,
User Rank: Apprentice
10/4/2011 | 11:32:27 PM
re: Most Consumers Don't Lock Mobile Phone Via PIN
I do use the PIN on my phone, though it's basically a result of having lost a phone that I didn't lock with a PIN and worrying about what was on the phone (luckily nothing too sensitive).
I can understand the frustration. It can be annoying to have to enter that PIN everytime you need to do something on the phone.
Legitimate Home Jobs
50%
50%
Legitimate Home Jobs,
User Rank: Apprentice
10/4/2011 | 11:31:37 PM
re: Most Consumers Don't Lock Mobile Phone Via PIN
I used to never lock my phone. That is, until a lot of friends kept telling me I was "butt-dialing" them. Now I always lock my phone. :-)
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7298
Published: 2014-10-24
adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality.

CVE-2014-8346
Published: 2014-10-24
The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service (screen locking with an arbitrary code) by triggering unexpected Find My Mobile network traffic.

CVE-2014-0619
Published: 2014-10-23
Untrusted search path vulnerability in Hamster Free ZIP Archiver 2.0.1.7 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the current working directory.

CVE-2014-2230
Published: 2014-10-23
Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php.

CVE-2014-7281
Published: 2014-10-23
Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.