Risk
10/4/2011
00:26 AM
Ed Hansberry
Ed Hansberry
Commentary
Connect Directly
RSS
E-Mail
50%
50%

Most Consumers Don't Lock Mobile Phone Via PIN

44% of respondents say its's too much of a hassle, new survey reports.

People put a lot of sensitive info on their phones, but they often give little though to how secure their data is. In a survey by a security company, over half of the respondents said they didn't bother with a PIN lock. This takes on a whole new dimension when you begin to understand how many of these people keep corporate data on the device.

Losing an unlocked phone can be far worse than losing a wallet. Emails on the device alone can reveal a wealth of information about the person, including where they bank, where they live, names of family members, and more. If company email is on the device, and it often is, there can be competitive information, salaries, system passwords, etc. If any of those emails contain links, often clicking on it will take you into the website, be it Facebook or a corporate portal.

According to Confident Technologies, 65% of users have corporate data on their phone, even though only 10% actually have a corporate issued device.

For that majority that don't lock their phone at all, 44% said it is too much of a hassle to lock it and 30% said they weren't worried about security. These are likely the same people that store things like social security numbers, passwords, and other sensitive information in text files or basic note applications. They may even store their computer's password on a Post-It Note in their center desk drawer.

Ten years ago, locking the phone wasn't a huge deal. The only thing on it was call history, contacts, and maybe some text messages. Today, almost everyone has email on the device, and 77% have a social network set up, which often has enough personal information to make identity theft a fairly easy accomplishment. Around half have banking apps and 35% have online shopping or auction sites set up. If these people aren't PIN locking the phone, they certainly aren't logging out of these sites each time so that you have to re-key the password to get back in.

In conducting this survey, Confident Technologies is trying to show how people leave their devices wide open, and they do have a product to sell that is geared to make securing a device easier. That doesn't change the results of the survey though. If you have employees accessing company servers, you can enforce policies like requiring a PIN lock. Even if they aren't accessing emails though, there is a good bet they have a password list on the device, or they may have emailed themselves a few documents to have handy. It may be time for a bit of education in the importance of securing a device. Telling them it is against company policy to have corporate data on their personal device won't work anymore than would telling them they cannot take work home to finish up a project.

Whether using a security app from Confident Technologies, which involves image recognition, the built-in PIN lock, or something else, make sure your corporate data is safe.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jamescraig
50%
50%
jamescraig,
User Rank: Apprentice
4/30/2014 | 3:56:52 AM
Consumer Behavior
Consumer behavior is the key of the success of any business. The companies who care fore thye feedback about their machines and electronics can develop better products with the passage of time. 
herman_munster
50%
50%
herman_munster,
User Rank: Apprentice
1/24/2012 | 8:19:15 PM
re: Most Consumers Don't Lock Mobile Phone Via PIN
My co enforces a strict password policy on my phone. Sometimes when I get bored, I intentionally enter the password too many times causing the device to be wiped.

BigJohn11
50%
50%
BigJohn11,
User Rank: Apprentice
12/22/2011 | 1:02:59 AM
re: Most Consumers Don't Lock Mobile Phone Via PIN
David, the time out setting has been a capability for nearly 2 years. So most likely it's your IT team who has not set it to your liking. Options are Simple or complex passwords, require alpha numeric, min password length, min number of complex characters, passcode age, auto lock time 1-5 minutes or no auto lock, password history, grace period for device lock, and max number of failed attempts.
DavidMichael
50%
50%
DavidMichael,
User Rank: Apprentice
10/21/2011 | 3:19:17 PM
re: Most Consumers Don't Lock Mobile Phone Via PIN
I've just switched from a company provided Blackberry to company provided iPhone (both of which had required PIN's). On the Blackberry the PIN requirement only came on after a predefined timeout even on screen lock which is much more convinient than the iPhone which always requires the PIN. I like your suggestion here Duncan. Please take note Apple!
Denver IT Consulting
50%
50%
Denver IT Consulting,
User Rank: Apprentice
10/14/2011 | 10:51:41 PM
re: Most Consumers Don't Lock Mobile Phone Via PIN
This can end up being a nightmare situation for employees and even management staff that do not follow setting up their mobile devices for locking or at least some type of security measure whether it be remote via application or not. Getting authorized access to sensitive documents, emails and other data within the workplace can be easily prevented with measures like this.
Quazzi
50%
50%
Quazzi,
User Rank: Apprentice
10/8/2011 | 3:24:40 AM
re: Most Consumers Don't Lock Mobile Phone Via PIN
Keep in mind that there are applications available that can let you remotely disable and lock, and delete the phone content......assuming this functionality is activated at start-up!
Duncan Murtagh
50%
50%
Duncan Murtagh,
User Rank: Apprentice
10/5/2011 | 1:25:17 AM
re: Most Consumers Don't Lock Mobile Phone Via PIN
On the iPhone a simple solution would be to adjust the way the lock button at the top of the phone works. Right now one click locks the phone and the PIN lock kicks in after whatever number of minutes you've set it to. They could make 2 clicks of that lock bring on the PIN lock.
jrapoza
50%
50%
jrapoza,
User Rank: Apprentice
10/4/2011 | 11:32:27 PM
re: Most Consumers Don't Lock Mobile Phone Via PIN
I do use the PIN on my phone, though it's basically a result of having lost a phone that I didn't lock with a PIN and worrying about what was on the phone (luckily nothing too sensitive).
I can understand the frustration. It can be annoying to have to enter that PIN everytime you need to do something on the phone.
Legitimate Home Jobs
50%
50%
Legitimate Home Jobs,
User Rank: Apprentice
10/4/2011 | 11:31:37 PM
re: Most Consumers Don't Lock Mobile Phone Via PIN
I used to never lock my phone. That is, until a lot of friends kept telling me I was "butt-dialing" them. Now I always lock my phone. :-)
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7052
Published: 2014-10-19
The sahab-alkher.com (aka com.tapatalk.sahabalkhercomvb) application 2.4.9.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-7056
Published: 2014-10-19
The Yeast Infection (aka com.wyeastinfectionapp) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-7070
Published: 2014-10-19
The Air War Hero (aka com.dev.airwar) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-7075
Published: 2014-10-19
The HAPPY (aka com.tw.knowhowdesign.sinfonghuei) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-7079
Published: 2014-10-19
The Romeo and Juliet (aka jp.co.cybird.appli.android.rjs) application 1.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.