Mobile Security Efforts Falling Short


A theme the changing world of mobility repeatedly returns to is that the line between consumer and professional devices is disintegrating. This has many ramifications, particularly on the security front. I blogged a couple of weeks ago about the need to tweak as many settings as possible to make the highest level of security the de facto position. In other words, security should not be left to the end user.


A survey from WStore provides more evidence. Though the survey, featured in SecurityPark, was done in the UK, the findings should also apply in the United States. The survey found that only 15 percent of respondents worry about viruses, hackers or related problems. About double that number -- 32 percent -- are concerned about losing or having their devices stolen. Both of these results are worrisome. After years of headlines about lost devices and data, why is only 1 in 3 people concerned about losing devices? Why are only half that amount worried about hackers and viruses? Commentators continually discuss the need to educate users. These results suggest three possibilities: Educational efforts are not being undertaken; they are being undertaken but done poorly or that users resist that education. Clearly, any of the three options is unfortunate.


The options are either that educational efforts are no good or that users are poor students. But giving up these efforts is not an option. The risks are too great. This Network World story, for example, quotes a Computing Technology Industry Association survey that says that more than half of respondents feel mobile device and remote worker risks have risen "significantly" since last year.


The meat of the piece is a list of six tips for iPhone safety. The writer says users should enable auto-lock and password lock; use good security when accessing Wi-Fi hotspots; use all available security when accessing corporate and Webmail and Safari Web browsing; and set usage restrictions appropriately.


A survey conducted by Deloitte India shows that the problem is not limited to the West. Among other things, 36 percent of 6,729 respondents use unencrypted devices, 52 percent use the outdated and broken Wired Equivalent Protocol (WEP) and only 12 percent use Wi-Fi Protected Access (WPA). The firm does the math and concludes that 88 percent of the devices belonging to respondents will be easy to compromise.


The use of mobile devices for work is a very dangerous thing. CSO paints a picture of the great benefits increased mobility can bring. But it also that those benefits with the reality that mobility petrifies CIOs. The bulk of the story looks at the trends creating this exciting -- great risk, great reward -- landscape. The trends are the ever-more powerful and cheap devices; higher capacity, IP-based networks; increasing numbers of corporate users; more potent and data-demanding mobile applications and the growing sophistication of security threats.


The three surveys highlighted in this blog point to the same thing: Despite years of headlines, too little attention is paid to mobile security. At least in this regard, savvy security staffs seem to be in the minority.