I was in Boston a couple of weeks ago with my family. As we got into a taxi to go to the restaurant for dinner, I found an iPhone on the seat, and gave it to the driver. Turns out the taxi driver had just dropped a friend off at the airport for a flight, and his buddy left his iPhone in the cab. The driver wanted to get in touch with his friend’s girlfriend, in case his friend called her from the airport worried about where his iPhone may have ended up. But, his friend’s iPhone was locked. The cabbie complained about the iPhone being locked, and wondered aloud why anyone would need a password on their mobile phone.
It was the wrong question to ask with me in the cab. I started listing for him all the reasons why anyone – better yet, EVERYone – should have a passcode set on their mobile device.
However, the cab driver still wasn’t sold on the idea of setting a passcode on a mobile device. His reasoning was, “Who would store private information on a cell phone anyway?”
Well, I guess my cab driver didn’t realize that, according to the recently published Trusted Mobility Index from Juniper Networks, which surveyed over 4,000 mobile device users and IT decision-makers in the U.S., UK, Germany, Japan and China, nearly three quarters of global respondents report they use their mobile devices to access critical data, such as online banking or personal medical information. And, business users use their devices even more, with nearly 90 percent of respondents worldwide use their mobile device to access sensitive work information.
But, you know what’s even scarier? A majority of users do not even implement a simple passcode to secure their mobile device from unauthorized access if lost or stolen. A recent article on About.com estimated that only half of all smartphone users protect their information with a password. That’s like leaving the drawer to a file cabinet with all of your personal data – banking, credit card, healthcare and prescriptions, photos, daily calendar and so on – or critical business data – like IP – open and unlocked! It’s simply an invitation to disaster!
And, this with mobile devices being lost or stolen at an alarming rate. In New York City alone, according to the New York Police Department, 42 percent of all property crimes of individuals in 2011 involved a cell.... And, according to Micro-Trax (http://www.micro-trax.com/statistics/), 113 cell phones are lost or stolen every minute in the U.S., with 120,000 cell phones lost annually in Chicago taxi cabs alone.
That’s why it’s vital for enterprises and government agencies that empower their employees and other authorized individuals to access their network, cloud and sensitive resources and data from their personal mobile devices, to create and enact a Bring Your Own Device (BYOD) policy that includes strict passcode policies and enforcement. According to Juniper’s Trusted Mobility Index, nearly half of all respondents who use their personal mobile device for work do so without their company’s permission, disregarding their employers’ official mobile device policies.
This makes it imperative to implement and enforce strong passcode policies such as:
For instance, I use my personal mobile devices – an Android smartphone and an iPad – to access my network via VPN to access networked applications, download emails, and open and read attachments, which sometimes include sensitive information and maybe even IP. I use Junos Pulse to access the network via VPN, and Junos Pulse Mobile Security Suite to secure my device, and protect my apps and data. Juniper has implemented a policy that if a user accesses the Juniper network from their personal mobile devices, robust passcodes – longer, stronger and more restrictive than those typically enforced by the devices themselves, or by service providers – must be used.
Users need to better understand why they need to set passcodes on their mobile devices. They
many times also need to be protected from their apathetic attitude toward mobile security—aka what they don’t know, can’t hurt them (or, ignorance is bliss). What they need to – or have someone, such as their service provider, do for them – is ensure that the personal data they have downloaded to and that resides on their devices, as well as their saved and auto-complete user names for e-mail, social networking, cloud apps and other sensitive apps remain secure and unimpeachable should their device be lost or stolen.
And, business users – and especially their employers – need to set and enforce definitive passcode policies. As evidenced by concerns reported in Juniper’s Trusted Mobility Index, nearly half of the IT leaders surveyed fear personal mobile devices accessing their network and resources due to potential security breaches from stolen mobile devices.
You may not like or even think you need passcodes enforced on your personal mobile devices. But, believe me, like eating your vegetables, it’s good for you!
Discussing a wide range of topics impacting enterprises and data center security.