If the UK is any indication, we’re letting our precious mobile devices drop from our bags and pockets, scattering our unprotected data throughout the land at an alarming rate.
Surveying 1,008 UK consumers between the ages of 16 and 64, Sophos found that 42 percent of devices that were lost or left in insecure locations had no active security measures to protect data.
More findings from the survey, which was part of a wider awareness campaign regarding mobile device security:
- 20% of lost devices had access to work email, potentially exposing confidential corporate information.
- 20% contained sensitive personal information such as national insurance numbers, addresses and dates of birth.
- Over 10% contained payment information such as credit card numbers and PINs.
- 35% had access to social networking accounts via apps or web browser-stored cookies.
Sophos’s James Lyne notes that the lack of awareness around data security among the general public is inevitably going to lead to BYOD-induced holes poked into corporate security:
"Indeed, the research already shows that corporate email - on lost and potentially unsecured devices - opens up a potential security hole in the infrastructure. This lack of precaution and awareness risks putting businesses in the firing line when it comes to complying with data privacy legislation and protecting sensitive information."
The survey also produced some interesting findings regarding how likely we are to lose devices depending on our gender, age, and whether or not we live in London, where people evidently seem to drop gadgets like hot potatoes.
In a nutshell, if you’re a young, male Londoner, you’ve practically got an allergy to cell phones, tablets and the like. The findings:
- 38% of men had lost devices. But don’t feel bad, o ye multi-chromosomed ones. You tend to secure yours better, given that…
- 66% of men had security measures in place.
- 33% of women, on the other hand, had lost a device, but only …
- 49% of women claimed to have had security in place.
- 50% of Londoners had lost a device, compared with…
- 36% throughout the nation. But again, don’t feel too bad about that, given that Londoners are more inclined to security, with…
- 66% of Londoners having secured their devices, compared with only…
- 58% of UK citizens overall who claim to have secured their gadgets.
The survey also found that young people do not get along particularly well with gadget retention, but they’re smarter than their elders when it comes to securing the mobile devices they lose.
- People between the ages of 16 and 24 were over four times more likely to lose an electronic device compared to those aged between 55-64.
- 59 percent of the older age group had no security precautions, compared to …
- 45 percent of 16- to 24-year-olds who didn’t secure their toys.
That’s all well and good. It shows that younger people are learning lessons about how to protect their data.
But, Lyne pointed out, the numbers still show a sizable chunk of people who haven’t learned the lesson:
"Those with protection are still too low and as we begin to rely on and invest more in our electronic devices, there needs to be a shift across the board in the attitude and education surrounding mobile, laptop and tablet security."
Other survey findings:
- 36 percent of those surveyed had lost an electronic device in public at some stage.
- Of those who had lost an electronic device, 78 percent had lost a mobile phone, laptop or tablet.
- 58 percent of those surveyed were never able to recover the lost device.
- One-fifth got the device back within 24 hours, but…
- The return rate dropped significantly after 24 hours.
These findings point to a lot of data getting lost, and that points to a huge potential for security holes, as Lyne said.
Education of the masses is key, but businesses also have to get their BYOD policies in order, he said:
"Businesses … should ensure their traditional IT security educational policies extend to laptops and mobile devices. Otherwise they are spending significant amounts of time and money securing data in one part of their infrastructure only to allow the same information to walk out of their building on an unsecured employee device."
On an individual level, the loss of a device promises the forfeiture of personal data (such as photos and contact information).
It also often carries the risk of personally identifiable information that can lead to thieves plundering bank accounts and credit card accounts and/or hijacking social media accounts, not to mention the cost of the device itself.