Critical Absence in Basic Security Puts Thousands of Mobiles, Tablets and Laptops at Risk

October 18, 2012 Sophos Press Release

Sophos has today announced the results of a survey* of 1,008 consumers in Great Britain, looking at the data put at risk through lost mobile devices. The survey, part of a wider awareness campaign into mobile device security, reveals that 42 percent of devices, lost or left in an unsecure place, had no active security measures.

Moreover, one in five (20%) of the lost devices had access to work email, potentially exposing confidential corporate information. A fifth (20%) also contained sensitive personal information such as national insurance numbers, addresses and dates of birth, and over 10 percent could have revealed payment information such as credit card numbers and PINs. Over a third (35%) of the lost devices had access to social networking accounts via apps or web browser-stored cookies.

"The widespread lack of basic security measures in place on mobile devices is very severe and shows a clear lack of awareness around data security among the general public," warned James Lyne, director of technology strategy at Sophos. "Most concerning for businesses is that this lack of awareness will inevitably seep into the corporate environment. Indeed, the research already shows that corporate email - on lost and potentially unsecured devices - opens up a potential security hole in the infrastructure. This lack of precaution and awareness risks putting businesses in the firing line when it comes to complying with data privacy legislation and protecting sensitive information."

The research also shed light on some interesting trends within the different demographics of gender, geographical location and age. On the whole, the survey indicated that men were more likely to lose a device, but were generally better secured. 38 percent of men had lost devices, with only 34 percent saying that they had no security measures in place. Conversely, a smaller percentage of women (33%) had ever lost a device, but over half (51%) claimed to have no security in place.

In terms of geographical region, Londoners were most likely to lose an electronic device - 50 percent had lost a device compared to the national average of 36 percent. However, Londoners were also the most likely to have security measures in place - 66 percent compared to the UK average of 58 percent.

Finally, the age of the respondent also correlated to the likelihood of a device being lost and the security measures deployed. Younger adults, aged between 16 and 24 were over four times more likely to lose an electronic device compared to adults aged between 55-64. The older generation meanwhile were less likely to have any security measures in place on lost devices - 59 percent had no security precautions, compared to 45 percent of 16 to 24 year olds.

"The fact that the younger generation is more likely to have enabled security is a promising sign that people are beginning to realise the need to protect data held on electronic devices. That said, those with protection are still too low and as we begin to rely on and invest more in our electronic devices, there needs to be a shift across the board in the attitude and education surrounding mobile, laptop and tablet security," advised Lyne.

Other findings from the research include:

- 36 percent of those surveyed had lost an electronic device in public at some stage
- Of those who had lost an electronic device, 78 percent had lost a mobile phone, laptop or tablet
- 58 percent of those surveyed were never able to recover the lost device, and although one fifth got the device back within 24 hours, the return rate dropped significantly after this time.

"It’s vital we educate the general population about how to protect themselves when using new technology and how to apply best practices across all electronic devices to create a more secure environment. Businesses too should ensure their traditional IT security educational policies extend to laptops and mobile devices. Otherwise they are spending significant amounts of time and money securing data in one part of their infrastructure only to allow the same information to walk out of their building on an unsecured employee device. Mobile manufacturers should also be challenged to make these devices more secure out of the box." concluded Lyne.

To help raise awareness of the mobile security issue, Sophos has branded a series of taxi cabs in the city of London. Inside the taxi, passengers will be able to watch a short video on mobile security and take away information on how to protect themselves. For further details of Sophos' 'You're safer in our bubble' taxi initiative, please see here: http://www.bubblewrapcab.com/

For tips and advice on electronic device security, visit here:

http://www.sophos.com/en-us/security-news-trends/security-hubs/mobile-security/mobile-security-101.aspx

http://www.sophos.com/en-us/security-news-trends/security-trends/mobile-security-toolkit.aspx

* The research was conducted by TNS Omnibus on behalf of Sophos through an online omnibus of 1,008 GB consumers aged 16-64