A refreshing piece of work on mobile security from In-Stat suggests that a majority of users overestimates the risks, misunderstands the security threats that do exist, and looks for protection from sources that cannot help.
In-Stat estimates that over 8m devices will go missing in the US this year – and “smartphone users, the ones with the most access to sensitive information, are 40% more likely to lose a device”. In-Stat thinks too many organisations allow end users to select their own devices, networks, and even how much access they have to corporate databases. “The problem with this is that users select the method that is most convenient and costs less, not necessarily the one that is most secure.”
Compounding the problem is the way users reject even basic steps to increase security. For example, many US users apparently resent the fact that a carrier can disable a stolen device remotely. Equally, passwords are often left as the default setting, an obvious security risk.
In-Stat concludes that “he first step for organizations to get in front of mobile security is to assume corporate liability for mobile communications … As long as corporate users pursue individual liability as an acceptable option for business use, it seems inevitable that security breaches will become more common.”