29 March 2009

Weekend Reading:
Over 80% Of Users Keep Highly
Confidential Information On Their Phones

Many millions of users are exposed to the trappings of mobile phone criminals and opportunists who use the information stored on them to take over someone’s corporate and personal life.

According to the findings of a survey by endpoint data protection security experts, Credant Technologies, 99% of people use their own personal phones for some sort of business use – even though 26% have been instructed by their employer not to do so.

The research surveyed 600 commuters at London railway stations about their mobile phones, typical usage and the types of sensitive information stored on them.

Interestingly, the study found that 63% of employees are given a smartphone for work, however 41% of users haven’t been asked to sign a mobile usage policy.

On the positive side 74% of corporate users are using a secure dial-in such as an SSL VPN to access their corporate networks and 56% are using the encryption either supplied by their company or what’s on the phone.

• 35% receive and send business emails
• 77% keep business names and addresses
• 30% use them as a business diary
• 17% download corporate information, such as documents and spreadsheets
• 23% store customers information
• alarmingly 40% naively fail to protect their devices with a password

According to Paul Huntingdon – Public Sector Director at Credant Technologies and adviser to many Government departments and large corporations, “Once you have access to someone’s emails, passwords, birthdays, business diary, documents, children’s names and pets you can easily masquerade as that person, sending out emails under their name, read all their corporate data and get to see every personal detail of their life. People are ignorant to how easy a professional thief could take over their life and effectively destroy it. It is therefore imperative that all mobile phone users, even with the most basic handset, password protect and encrypt them.”

Sean Towns – an IT security specialist at Credant Technologies and adviser to many Government departments and large corporations, explains “Most companies should be horrified that so many of their employees are using their own personal phones to store such intimate and detailed information on customers.On a simplistic level this practice puts the organisation in breach of the data protection act by failing to meet some of its principals on electronic data."

"On a higher level it is worrying to think what could happen if these details were to fall into the wrong hands – a competitors for example. People are ignorant to how easy a professional thief could take over their life, both personal and professional, and effectively destroy it. It is therefore imperative that all mobile phone users, even with the most basic handset, password protect them.”