Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

10/4/2011
12:26 AM
Ed Hansberry
Ed Hansberry
Commentary
50%
50%

Most Consumers Don't Lock Mobile Phone Via PIN

44% of respondents say its's too much of a hassle, new survey reports.

People put a lot of sensitive info on their phones, but they often give little though to how secure their data is. In a survey by a security company, over half of the respondents said they didn't bother with a PIN lock. This takes on a whole new dimension when you begin to understand how many of these people keep corporate data on the device.

Losing an unlocked phone can be far worse than losing a wallet. Emails on the device alone can reveal a wealth of information about the person, including where they bank, where they live, names of family members, and more. If company email is on the device, and it often is, there can be competitive information, salaries, system passwords, etc. If any of those emails contain links, often clicking on it will take you into the website, be it Facebook or a corporate portal.

According to Confident Technologies, 65% of users have corporate data on their phone, even though only 10% actually have a corporate issued device.

For that majority that don't lock their phone at all, 44% said it is too much of a hassle to lock it and 30% said they weren't worried about security. These are likely the same people that store things like social security numbers, passwords, and other sensitive information in text files or basic note applications. They may even store their computer's password on a Post-It Note in their center desk drawer.

Ten years ago, locking the phone wasn't a huge deal. The only thing on it was call history, contacts, and maybe some text messages. Today, almost everyone has email on the device, and 77% have a social network set up, which often has enough personal information to make identity theft a fairly easy accomplishment. Around half have banking apps and 35% have online shopping or auction sites set up. If these people aren't PIN locking the phone, they certainly aren't logging out of these sites each time so that you have to re-key the password to get back in.

In conducting this survey, Confident Technologies is trying to show how people leave their devices wide open, and they do have a product to sell that is geared to make securing a device easier. That doesn't change the results of the survey though. If you have employees accessing company servers, you can enforce policies like requiring a PIN lock. Even if they aren't accessing emails though, there is a good bet they have a password list on the device, or they may have emailed themselves a few documents to have handy. It may be time for a bit of education in the importance of securing a device. Telling them it is against company policy to have corporate data on their personal device won't work anymore than would telling them they cannot take work home to finish up a project.

Whether using a security app from Confident Technologies, which involves image recognition, the built-in PIN lock, or something else, make sure your corporate data is safe.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
AnhT053
50%
50%
AnhT053,
User Rank: Apprentice
11/27/2014 | 5:31:01 AM
Video clip Recreation
3D animated fun, humor and the latest

https://www.youtube.com/watch?v=-XHhmkBzetM
jamescraig
50%
50%
jamescraig,
User Rank: Apprentice
4/30/2014 | 3:56:52 AM
Consumer Behavior
Consumer behavior is the key of the success of any business. The companies who care fore thye feedback about their machines and electronics can develop better products with the passage of time. 
herman_munster
50%
50%
herman_munster,
User Rank: Apprentice
1/24/2012 | 8:19:15 PM
re: Most Consumers Don't Lock Mobile Phone Via PIN
My co enforces a strict password policy on my phone. Sometimes when I get bored, I intentionally enter the password too many times causing the device to be wiped.

BigJohn11
50%
50%
BigJohn11,
User Rank: Apprentice
12/22/2011 | 1:02:59 AM
re: Most Consumers Don't Lock Mobile Phone Via PIN
David, the time out setting has been a capability for nearly 2 years. So most likely it's your IT team who has not set it to your liking. Options are Simple or complex passwords, require alpha numeric, min password length, min number of complex characters, passcode age, auto lock time 1-5 minutes or no auto lock, password history, grace period for device lock, and max number of failed attempts.
DavidMichael
50%
50%
DavidMichael,
User Rank: Apprentice
10/21/2011 | 3:19:17 PM
re: Most Consumers Don't Lock Mobile Phone Via PIN
I've just switched from a company provided Blackberry to company provided iPhone (both of which had required PIN's). On the Blackberry the PIN requirement only came on after a predefined timeout even on screen lock which is much more convinient than the iPhone which always requires the PIN. I like your suggestion here Duncan. Please take note Apple!
Denver IT Consulting
50%
50%
Denver IT Consulting,
User Rank: Apprentice
10/14/2011 | 10:51:41 PM
re: Most Consumers Don't Lock Mobile Phone Via PIN
This can end up being a nightmare situation for employees and even management staff that do not follow setting up their mobile devices for locking or at least some type of security measure whether it be remote via application or not. Getting authorized access to sensitive documents, emails and other data within the workplace can be easily prevented with measures like this.
Quazzi
50%
50%
Quazzi,
User Rank: Apprentice
10/8/2011 | 3:24:40 AM
re: Most Consumers Don't Lock Mobile Phone Via PIN
Keep in mind that there are applications available that can let you remotely disable and lock, and delete the phone content......assuming this functionality is activated at start-up!
Duncan Murtagh
50%
50%
Duncan Murtagh,
User Rank: Apprentice
10/5/2011 | 1:25:17 AM
re: Most Consumers Don't Lock Mobile Phone Via PIN
On the iPhone a simple solution would be to adjust the way the lock button at the top of the phone works. Right now one click locks the phone and the PIN lock kicks in after whatever number of minutes you've set it to. They could make 2 clicks of that lock bring on the PIN lock.
jrapoza
50%
50%
jrapoza,
User Rank: Apprentice
10/4/2011 | 11:32:27 PM
re: Most Consumers Don't Lock Mobile Phone Via PIN
I do use the PIN on my phone, though it's basically a result of having lost a phone that I didn't lock with a PIN and worrying about what was on the phone (luckily nothing too sensitive).
I can understand the frustration. It can be annoying to have to enter that PIN everytime you need to do something on the phone.
Legitimate Home Jobs
50%
50%
Legitimate Home Jobs,
User Rank: Apprentice
10/4/2011 | 11:31:37 PM
re: Most Consumers Don't Lock Mobile Phone Via PIN
I used to never lock my phone. That is, until a lot of friends kept telling me I was "butt-dialing" them. Now I always lock my phone. :-)
News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: "The truth behind Stonehenge...."
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27886
PUBLISHED: 2021-03-02
rakibtg Docker Dashboard before 2021-02-28 allows command injection in backend/utilities/terminal.js via shell metacharacters in the command parameter of an API request. NOTE: this is NOT a Docker, Inc. product.
CVE-2016-8153
PUBLISHED: 2021-03-02
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
CVE-2016-8154
PUBLISHED: 2021-03-02
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
CVE-2016-8155
PUBLISHED: 2021-03-02
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
CVE-2016-8156
PUBLISHED: 2021-03-02
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.