Security & Mobility Now
Security is top-of-mind everywhere, especially right here where Juniper experts share their thoughts on the latest security breakthroughs and product advancements
JayKelley

Passcodes: Mobile Security’s Version of Broccoli—It’s Good for You!

by Juniper Employee on ‎07-12-2012 08:52 AM

I was in Boston a couple of weeks ago with my family. As we got into a taxi to go to the restaurant for dinner, I found an iPhone on the seat, and gave it to the driver. Turns out the taxi driver had just dropped a friend off at the airport for a flight, and his buddy left his iPhone in the cab. The driver wanted to get in touch with his friend’s girlfriend, in case his friend called her from the airport worried about where his iPhone may have ended up. But, his friend’s iPhone was locked. The cabbie complained about the iPhone being locked, and wondered aloud why anyone would need a password on their mobile phone.

 

It was the wrong question to ask with me in the cab. I started listing for him all the reasons why anyone – better yet, EVERYone – should have a passcode set on their mobile device.

 

However, the cab driver still wasn’t sold on the idea of setting a passcode on a mobile device. His reasoning was, “Who would store private information on a cell phone anyway?”

 

Well, I guess my cab driver didn’t realize that, according to the recently published Trusted Mobility Index from Juniper Networks, which surveyed over 4,000 mobile device users and IT decision-makers in the U.S., UK, Germany, Japan and China, nearly three quarters of global respondents report they use their mobile devices to access critical data, such as online banking or personal medical information. And, business users use their devices even more, with nearly 90 percent of respondents worldwide use their mobile device to access sensitive work information.

 

But, you know what’s even scarier? A majority of users do not even implement a simple passcode to secure their mobile device from unauthorized access if lost or stolen.  A recent article on About.com estimated that only half of all smartphone users protect their information with a password. That’s like leaving the drawer to a file cabinet with all of your personal data – banking, credit card, healthcare and prescriptions, photos, daily calendar and so on – or critical business data – like IP – open and unlocked!  It’s simply an invitation to disaster!

 

And, this with mobile devices being lost or stolen at an alarming rate. In New York City alone, according to the New York Police Department, 42 percent of all property crimes of individuals in 2011 involved a cell.... And, according to Micro-Trax (http://www.micro-trax.com/statistics/), 113 cell phones are lost or stolen every minute in the U.S., with 120,000 cell phones lost annually in Chicago taxi cabs alone.

 

That’s why it’s vital for enterprises and government agencies that empower their employees and other authorized individuals to access their network, cloud and sensitive resources and data from their personal mobile devices, to create and enact a Bring Your Own Device (BYOD) policy that includes strict passcode policies and enforcement. According to Juniper’s Trusted Mobility Index, nearly half of all respondents who use their personal mobile device for work do so without their company’s permission, disregarding their employers’ official mobile device policies.

 

This makes it imperative to implement and enforce strong passcode policies such as:

 

  • Requiring the use and setting of strong device passcodes with a minimum passcode length that requires alphanumerics and use of non-alphanumeric characters.
  • Passcodes with a maximum age and firm expiration date, with the number of previous passcodes that cannot be reused, and the age of an existing passcode before a new passcode is required
  • Setting a maximum number of failed access attempts with an incorrect passcode before the device is automatically locked and/or wiped

 

For instance, I use my personal mobile devices – an Android smartphone and an iPad – to access my network via VPN to access networked applications, download emails, and open and read attachments, which sometimes include sensitive information and maybe even IP. I use Junos Pulse to access the network via VPN, and Junos Pulse Mobile Security Suite to secure my device, and protect my apps and data. Juniper has implemented a policy that if a user accesses the Juniper network from their personal mobile devices, robust passcodes – longer, stronger and more restrictive than those typically enforced by the devices themselves, or by service providers – must be used.

 

Users need to better understand why they need to set passcodes on their mobile devices. They

many times also need to be protected from their apathetic attitude toward mobile security—aka what they don’t know, can’t hurt them (or, ignorance is bliss). What they need to – or have someone, such as their service provider, do for them – is ensure that the personal data they have downloaded to and that resides on their devices, as well as their saved and auto-complete user names for e-mail, social networking, cloud apps and other sensitive apps remain secure and unimpeachable should their device be lost or stolen.

 

And, business users – and especially their employers – need to set and enforce definitive passcode policies. As evidenced by concerns reported in Juniper’s Trusted Mobility Index, nearly half of the IT leaders surveyed fear personal mobile devices accessing their network and resources due to potential security breaches from stolen mobile devices.

 

You may not like or even think you need passcodes enforced on your personal mobile devices. But, believe me, like eating your vegetables, it’s good for you!

Post a Comment
Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
About Security & Mobility Now

Discussing a wide range of topics impacting enterprises and
data center security.

Subscribe RSS Icon

Our Bloggers

Kyle Adams
Senior Software Engineer

Profile | Subscribe

Ritesh Agrawal
Director
Software Engineering

Profile | Subscribe

Erin K. Banks
Senior Technical Marketing Manager

Profile | Subscribe

Ajay Bharadwaj
Product Manager

Profile | Subscribe

Michael Callahan
Vice President
Product Marketing

Profile | Subscribe

Scott Emo
Director
Product Marketing

Profile | Subscribe

Mora Gozani
Senior Manager
Product Marketing

Profile | Subscribe

Ashur Kanoon
Sr. Manager
Technical Marketing

Profile | Subscribe

Seema Kathuria
Manager
Product Marketing

Profile | Subscribe

Kevin Kennedy
Senior Director
Product Management

Profile | Subscribe

Dave Killion
Software Engineer

Profile | Subscribe

Rebecca Lawson
Senior Director
Product Marketing

Profile | Subscribe

Rajoo Nagar
Senior Manager
Product Marketing

Profile | Subscribe

Erin O'Malley
Manager
Product Marketing

Profile | Subscribe

Galina Pildush
Strategy & Planning
Architect

Profile | Subscribe

Edward Roberts
Director
Product Marketing

Profile | Subscribe

Bill Shelton
Director Field Sales

Profile | Subscribe

Ashutosh Thakur
Product Line Manager

Profile | Subscribe

Troy Vennon
Software Engineer

Profile | Subscribe

Brad Woodberg
Product Manager

Profile | Subscribe

Labels
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.