Even IT Security Professionals Cannot Be Bothered With Passwords, Says Survey
Addison, Texas — July 7
IT security professionals admit that they are suffering from password fatigue when it comes to using their mobile devices, which leaves their data exposed to personal and corporate identity theft if these devices were to fall into the wrong hands. That’s according to a survey released by endpoint data protection specialist CREDANT Technologies, which conducted the “mobile usage survey” among 227 IT professionals with the majority drawn from companies that employ more than 1,000 people.
Thirty-five percent revealed they just don’t get around to using a password on their business phones and smart phones, even though they know they should, as they contain sensitive and confidential information. Surprisingly, IT professionals are only marginally better at using passwords than the general population, as a survey conducted earlier in the year by CREDANT found that 40 percent of all users don’t bother with passwords on their mobile phones.
The sorts of information that IT professionals are storing on their smart phones and mobiles, many of which are totally unprotected with a password, include:
• Business names and addresses (80 percent)
• Personal names and addresses (66 percent)
• Business e-mails (23 percent)
• Personal e-mails (16 percent)
• Bank account details (12 percent)
• Business diary with details of all their appointments and meetings (12 percent)
• Personal diary (7 percent)
• Credit card information (5 percent)
• Photos (4 percent)
• Passwords and PINs (1 percent)
Andrew Kahl, senior vice president of operations and co-founder of CREDANT Technologies, said, “It is alarming to note that the very people who are responsible for IT security are not much better at protecting the information on their business phones than most of their co-workers, who don’t necessarily know any better. If a mobile or smart phone goes missing and isn’t protected with a password, and contains business names and addresses and other corporate data such as business e-mails, then the company is immediately in breach of the data protection act by failing to meet some of its principles on electronic data.
“Of even greater concern is the damage that can be done to a company, and the individual who is responsible for the phone, if it falls into the wrong hands, which could expose them to personal or corporate identity theft. It is therefore imperative that all mobile phone users who hold sensitive data, either personal or corporate, should always password protect it at a minimum — and encrypt it if the data is really sensitive,” added Kahl.
According to the IT professionals surveyed, the worst culprits at addressing mobile security within their companies are typically the sales teams, followed by the board of directors and senior management. HR comes out as the best at keeping their mobiles aligned to the corporate mobile security policy.
The survey also found that a third of IT professionals use their own personal mobile phone for work purposes even though companies specifically ban them for business use, with almost a fifth spending an hour or more per day on their own personal phone for business purposes.