How many Internet-connected devices are in your household? Not in your business, but personally owned by you and everyone who lives with you. The average is 4.5 per household, according to the folks at Kaspersky Lab, who recently conducted a survey of 9000 respondents internationally on their Internet-connected device use and security.
The results of the survey were announced this week to a room filled with security reporters, myself included, and many of us chuckled at the number. I think most, if not all, of us in that room personally own more than five such devices. I suspect many others find that their device ownership falls above that number, too. But that number is important, said Alexander Erofeev, Kaspersky Lab CMO, because once you get over two devices, it is harder to control security.
As BYOD becomes more prevalent in the corporate world, how we secure – and don’t secure – the devices we own is vital to enterprise security. What is especially worrisome, Erofeev said, is:
“People are using more devices than ever to connect to the Internet, but they are doing it with little to no protection.”
He went on to add that despite the well-publicized malware and infected apps risks to Android devices, a low percentage actually install any kind of security software. And Apple users tend to think their devices are safe from attacks and ignore security altogether. PCs are seen to be the devices with the most risk, according to the responses, and that is where the focus of security is. But, Erofeev said, “Because of loss and insecure connections, the reality is mobile devices are the least secure.”
More than a quarter of the respondents reported finding malware on a device within the last year, with one in 20 saying they lost personal files due to that malware. Chances are, Erofeev said, those numbers are low because people don’t always realize that malware has been loaded on their device. Thirty-eight percent of malware incidents resulted in financial loss, 20 percent of malware attacks result in loss of data, and 14 percent of users have experienced accounts being hacked. Also, not surprisingly, users are lazy about passwords – 33 percent use the same password for all of their accounts, for instance – and too many don’t password protect their mobile devices.
An important part of the survey is how much damage our children are doing and are allowed to do. Of the parents who allow their children to use their devices, 22 percent do nothing about their children’s activities on said devices, 27 pecent of parents admit their kids have been exposed to risk, and 18 percent have lost data because of their children’s activities.
And these are the same devices that are being used to access the company network. Eventually, personal losses will extend to corporate losses because the hackers will have access to everything on that phone, tablet or computer. So what can enterprise do to protect itself from an employee’s lack of security? Erofeev and everyone else at Kaspersky stress the same thing: educate, educate, educate. Today’s phones and tablets are computers, and we need to have the mindset that anything you would do to protect your PC has to be done to protect your mobile devices, and then some. And for the Apple fans, there is the reminder that risk and security go beyond malware. iPhone and iPad users are just as likely to lose their device and may be more likely to have it stolen than anyone else, after all.
Because the line between personal and corporate has blurred so much in the past year, a survey of personal devices may as well be a survey of business-related devices. Remember, if your employee’s device is at risk and it is used for BYOD, your company is at risk, too.