News & Events

Subscribe to our updates

» Privacy Policy
Joomla Professional Work
Subscribe to Webcast

Press Releases

UK Businesses Left Vulnerable By Naïve Mobile Phone Users

Credant warns insecure devices could put employers in violation of data protection laws

London 18th March- Many millions of users are exposed to the trappings of mobile phone criminals and opportunists who use the information stored on them to take over someone’s corporate and personal life. According to the findings of a survey by endpoint data protection security experts, Credant Technologies, 99% of people use their own personal phones for some sort of business use – even though 26% have been instructed by their employer not to do so. The research surveyed 600 commuters at London railway stations about their mobile phones, typical usage and the types of sensitive information stored on them. The statistics for personal mobile phone usage should ring corporate alarm bells :

  • 35% receive and send business emails
  • 77% keep business names and addresses
  • 30% use them as a business diary
  • 17% download corporate information, such as documents and spreadsheets
  • 23% store customers information
  • alarmingly 40% naively fail to protect their devices with a password

Interestingly, the study found that 63% of employees are given a smartphone for work, however 41% of users haven’t been asked to sign a mobile usage policy. On the positive side 74% of corporate users are using a secure dial-in such as an SSL VPN to access their corporate networks and 56% are using the encryption either supplied by their company or what’s on the phone. However, this encryption is deemed useless if the phone is not protected with a password as was the case for four out of 10 users.

Sean Towns – an IT security specialist at Credant Technologies and adviser to many Government departments and large corporations, explains “Most companies should be horrified that so many of their employees are using their own personal phones to store such intimate and detailed information on customers. On a simplistic level this practice puts the organisation in breach of the data protection act by failing to meet some of its principals on electronic data. On a higher level it is worrying to think what could happen if these details were to fall into the wrong hands – a competitors for example. People are ignorant to how easy a professional thief could take over their life, both personal and professional, and effectively destroy it. It is therefore imperative that all mobile phone users, even with the most basic handset, password protect them.” 

When examining the typical usage of mobile devices, a worrying fact was over 80% of users keep highly confidential information on their phones that could easily be used to steal their identities such as:

  • 88% store business names and addresses
  • 84% store personal names and addresses
  • 69% store business emails
  • 56% store personal images
  • 53% store personal emails
  • 51% have their phone for business diary use
  • 44% for personal diary use
  • 40% store corporate info such as documents/spreadsheets
  • 40% have details on customers
  • 16% have their bank account details saved on their mobile phones
  • 24% their pin numbers and passwords
  • 11% keep social security and inland revenue details
  • 10% store credit card information

Credant Technologies suggest the following tips on best mobile practice:-

  • Educate all staff of the security and legal implications of downloading sensitive information to their own personal and corporate phones
  • Do not allow employees to use their own phones for corporate use – if they do make sure they follow corporate security policies
  • Dictate the management of all mobile devices, irrespective of ownership, in a security policy
  • Specify that all staff members sign the security policy to ensure they will not download unnecessary sensitive information, nor will they disclose this information to a third party, and make sure the appropriate software is in place to enforce the policy
  • If you have sensitive information you do not want downloaded, then block end-points on computers with efficient and cost effective software
  • Use encryption software that does not impair the use of the device and make sure that employees cannot by-pass the encryption or passwords
  • Remember security is a two way process – you need to have your staff on your side, so complement sensible, workable policies, with centrally controlled security technology combined with trust, education and understanding

Credant ID THEFT

If you would like a copy of the cartoon to use with this story, download from:
http://www.eskenzipr.com/files/CredantIDTHEFTcartoon.jpg

Please email Yvonne Eskenzi at This e-mail address is being protected from spambots, you need JavaScript enabled to view it or call Yvonne on 020 71832 832 for more information

About CREDANT Technologies

CREDANT Technologies is the market leader in endpoint data protection solutions that are critical components of an endpoint protection platform. CREDANT’s data security solutions preserve customer brand and reduce the cost of compliance, enabling business to “protect what matters.” CREDANT Mobile Guardian is the only centrally managed endpoint data protection solution providing strong authentication, intelligent encryption, usage controls, and key management that guarantees data recovery. By aligning security to the type of user, device and location, CREDANT ensures the audit and enforcement of security policies across all computing endpoints. Strategic partners and customers include leaders in finance, government, healthcare, manufacturing, retail, technology, and services. CREDANT was selected by Red Herring as one of the top 100 privately held companies and top 100 Innovators for 2004, and was named Ernst & Young Entrepreneur Of The Year 2005. Austin Ventures, Menlo Ventures, Crescendo Ventures, Intel Capital, and Cisco Systems are investors in CREDANT Technologies. For more information, visit www.credant.com.