Risk
10/4/2011
00:26 AM
Ed Hansberry
Ed Hansberry
Commentary
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Most Consumers Don't Lock Mobile Phone Via PIN

44% of respondents say its's too much of a hassle, new survey reports.

People put a lot of sensitive info on their phones, but they often give little though to how secure their data is. In a survey by a security company, over half of the respondents said they didn't bother with a PIN lock. This takes on a whole new dimension when you begin to understand how many of these people keep corporate data on the device.

Losing an unlocked phone can be far worse than losing a wallet. Emails on the device alone can reveal a wealth of information about the person, including where they bank, where they live, names of family members, and more. If company email is on the device, and it often is, there can be competitive information, salaries, system passwords, etc. If any of those emails contain links, often clicking on it will take you into the website, be it Facebook or a corporate portal.

According to Confident Technologies, 65% of users have corporate data on their phone, even though only 10% actually have a corporate issued device.

For that majority that don't lock their phone at all, 44% said it is too much of a hassle to lock it and 30% said they weren't worried about security. These are likely the same people that store things like social security numbers, passwords, and other sensitive information in text files or basic note applications. They may even store their computer's password on a Post-It Note in their center desk drawer.

Ten years ago, locking the phone wasn't a huge deal. The only thing on it was call history, contacts, and maybe some text messages. Today, almost everyone has email on the device, and 77% have a social network set up, which often has enough personal information to make identity theft a fairly easy accomplishment. Around half have banking apps and 35% have online shopping or auction sites set up. If these people aren't PIN locking the phone, they certainly aren't logging out of these sites each time so that you have to re-key the password to get back in.

In conducting this survey, Confident Technologies is trying to show how people leave their devices wide open, and they do have a product to sell that is geared to make securing a device easier. That doesn't change the results of the survey though. If you have employees accessing company servers, you can enforce policies like requiring a PIN lock. Even if they aren't accessing emails though, there is a good bet they have a password list on the device, or they may have emailed themselves a few documents to have handy. It may be time for a bit of education in the importance of securing a device. Telling them it is against company policy to have corporate data on their personal device won't work anymore than would telling them they cannot take work home to finish up a project.

Whether using a security app from Confident Technologies, which involves image recognition, the built-in PIN lock, or something else, make sure your corporate data is safe.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
herman_munster
50%
50%
herman_munster,
User Rank: Apprentice
1/24/2012 | 8:19:15 PM
re: Most Consumers Don't Lock Mobile Phone Via PIN
My co enforces a strict password policy on my phone. Sometimes when I get bored, I intentionally enter the password too many times causing the device to be wiped.

BigJohn11
50%
50%
BigJohn11,
User Rank: Apprentice
12/22/2011 | 1:02:59 AM
re: Most Consumers Don't Lock Mobile Phone Via PIN
David, the time out setting has been a capability for nearly 2 years. So most likely it's your IT team who has not set it to your liking. Options are Simple or complex passwords, require alpha numeric, min password length, min number of complex characters, passcode age, auto lock time 1-5 minutes or no auto lock, password history, grace period for device lock, and max number of failed attempts.
DavidMichael
50%
50%
DavidMichael,
User Rank: Apprentice
10/21/2011 | 3:19:17 PM
re: Most Consumers Don't Lock Mobile Phone Via PIN
I've just switched from a company provided Blackberry to company provided iPhone (both of which had required PIN's). On the Blackberry the PIN requirement only came on after a predefined timeout even on screen lock which is much more convinient than the iPhone which always requires the PIN. I like your suggestion here Duncan. Please take note Apple!
Denver IT Consulting
50%
50%
Denver IT Consulting,
User Rank: Apprentice
10/14/2011 | 10:51:41 PM
re: Most Consumers Don't Lock Mobile Phone Via PIN
This can end up being a nightmare situation for employees and even management staff that do not follow setting up their mobile devices for locking or at least some type of security measure whether it be remote via application or not. Getting authorized access to sensitive documents, emails and other data within the workplace can be easily prevented with measures like this.
Quazzi
50%
50%
Quazzi,
User Rank: Apprentice
10/8/2011 | 3:24:40 AM
re: Most Consumers Don't Lock Mobile Phone Via PIN
Keep in mind that there are applications available that can let you remotely disable and lock, and delete the phone content......assuming this functionality is activated at start-up!
Duncan Murtagh
50%
50%
Duncan Murtagh,
User Rank: Apprentice
10/5/2011 | 1:25:17 AM
re: Most Consumers Don't Lock Mobile Phone Via PIN
On the iPhone a simple solution would be to adjust the way the lock button at the top of the phone works. Right now one click locks the phone and the PIN lock kicks in after whatever number of minutes you've set it to. They could make 2 clicks of that lock bring on the PIN lock.
jrapoza
50%
50%
jrapoza,
User Rank: Apprentice
10/4/2011 | 11:32:27 PM
re: Most Consumers Don't Lock Mobile Phone Via PIN
I do use the PIN on my phone, though it's basically a result of having lost a phone that I didn't lock with a PIN and worrying about what was on the phone (luckily nothing too sensitive).
I can understand the frustration. It can be annoying to have to enter that PIN everytime you need to do something on the phone.
Legitimate Home Jobs
50%
50%
Legitimate Home Jobs,
User Rank: Apprentice
10/4/2011 | 11:31:37 PM
re: Most Consumers Don't Lock Mobile Phone Via PIN
I used to never lock my phone. That is, until a lot of friends kept telling me I was "butt-dialing" them. Now I always lock my phone. :-)
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: LOL.
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6212
Published: 2014-04-19
Unspecified vulnerability in HP Database and Middleware Automation 10.0, 10.01, 10.10, and 10.20 before 10.20.100 allows remote authenticated users to obtain sensitive information via unknown vectors.

CVE-2013-6213
Published: 2014-04-19
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833.

CVE-2013-6214
Published: 2014-04-19
Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 9.05, 10.01, and 10.10 allows remote authenticated users to obtain sensitive information via unknown vectors, aka ZDI-CAN-2042.

CVE-2013-6215
Published: 2014-04-19
Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 10.01 and 10.10 allows remote authenticated users to execute arbitrary code via unknown vectors, aka ZDI-CAN-1977.

CVE-2013-6218
Published: 2014-04-19
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors.

Best of the Web