+1-888-690-2424entrust.com

Study shows both business owners and users are careless with mobile devices, highlighting need for comprehensive mobile security

Careful to Cavalier: How Cautious are Your Mobile Users?

Tableof contents

How secure is your mobile data?Page 10

Security is not front-of-mind at workPage 9

How we secure our business appsPage 8

Are basic mobile security controls in use?Page 7

More personal devices are in the workplacePage 6

Users and businesses alike must get more security savvyPage 5

The rise of mobile Page 4

The studyPage 4

IndexPage 15

ConclusionPage 14

Users not following company mobile IT policiesPage 13

Is your data being stolen with mobile devices? Page 12

Recognizing mobile security attacks Page 11Table

of contentscontinued …

4

New research that looks at mobile security in the UK reveals that business owners and users are haphazard and half-hearted in their approach to keeping mobile devices secure, putting both personal and business data at risk.

Research recently undertaken by Entrust Datacard, a leading provider of trusted identity and secure transaction technologies, provides a compelling snapshot of the state of mobile security in the UK today.

The study was conducted by Opinion Matters, on behalf of Entrust Datacard, from May 29, 2014, to June 3, 2014. The sample base included 504 UK-based users who use mobile devices for work-related activities.

Businesses are now more global, more responsive and more mobile than ever before. Today, however, mobility is about much more than just communication on-the-go. It’s about technology that enables the extended enterprise to securely connect and collaborate, linking customers, partners and employees to valuable online information services from any device — virtually any place and at any time.

Cisco published statistics1 that demonstrate how user demand is driving every business down the mobile route. By 2018 there will be 4.9 billion mobile users, up from 4.1 billion in 2013. And according to IDC, by 2017 total smartphone shipments are expected to approach 1.7 billion units, resulting in compound annual growth of 18.4 percent from 2013 to 2017.2

For businesses, the proliferation of both company-owned devices and BYOD (bring your own device) are causing IT considerable headaches, especially when it comes to security.

The study

The rise ofmobile

1 “Cisco VNI Global Mobile Data Forecast Update (2013–2018),” Cisco Systems Inc., Feb. 5, 2014. 2 “IDC Finds Worldwide Smartphone Shipments on Pace to Grow Nearly 40% in 2013 While Average Selling Prices Decline

More Than 12%,” Worldwide Quarterly Mobile Phone Tracker, International Data Corporation (IDC), Nov. 26, 2013.

5

There are exponential threats in identity, fraud and cybersecurity. Increases in applications, devices and identities per user offer increasing opportunities for attack. The good news is that mobile devices are, in fact, highly secure and can be made more so with additional security measures in place.

With this in mind, we explored whether UK workers and businesses really understand the implications of security threats on the mobile and if they are taking the right precautions when it comes to securing their mobile environments.

Our findings show that UK users and businesses alike are largely half-hearted in their approach to mobile security. And, even though they may know that a specific mobile device might not be secure — and despite company security policies in place — many users are not adhering to policy.

Our latest report, ‘Risky Business: The State of Mobile Security in the UK,’ explores these trends and provides a compelling, informative and worthwhile insight into the use of mobile in business today.

Usersand businessesmust get more security savvy

The Three Types of Mobile UsersThe study identified three types of user approaches to mobile security:

| Careful Consistently apply basic security approaches to protect the data on their mobile devices (74 percent use a PIN lock and never share it with anyone) and they always think about the security of what they’re accessing when at work (40 percent). They are also aware of their company’s mobile IT policy and adhere to it (53 percent).

| Cavalier Apply basic security approaches to protect the data on their mobile devices, but freely share their PIN lock with colleagues and/or friends and family members. They sometimes think about the security of what they are accessing at work (44 percent) and while they are aware that their company has a mobile IT policy, they do not know what it entails (13 percent).

| Cantankerous Do not apply basic security approaches to protect the data on their mobile devices (19 percent do not use a PIN lock at all) and they rarely or never think about the security of what they are accessing when at work (17 percent). And while they are aware of their company’s mobile IT policy, they do not adhere to it (15 percent).

6

More than 20 percent of those surveyed are offered a company-owned mobile device but are also able to bring in their own personal mobile — and they can choose which one they use for work. More than 50 percent bring in their own mobile device and use it for work.

With over 70 percent either using their own device or being able to choose to use their own devises at work, this poses a challenge to IT departments as they struggle to put policies and procedures in place to protect corporate data. This challenge is compounded as users increasingly want the ability to use any device in the corporate environment.

And once you look at the age demographics, this is a trend that looks set to continue. More so than any other age group, Generation Y value the freedom of choice to use their own device, with 70 percent of those aged 16-24 bringing their own mobile device to work and only use it for work purposes.

More personaldevices are in

the workplace

“70 percent of Generation Y bring their own mobile device to work and only use it for work purposes.”70%

7

Nearly one fifth of respondents (19 percent) don’t use a PIN lock to keep their mobile device secure. Over one quarter of respondents don’t use a PIN lock at all or they freely share it with other people (26 percent). This poor practice increases dramatically for the age groups 45-54 and 55-plus, with 37 percent and 43 percent, respectively.

When using your mobile device for work purposes, do you use a PIN lock for added security?

Are basicmobile security controls in use?

“Over a quarter of respondents either don’t use a PIN lock or

share their pin lock with friends and family.”

73.6%Yes, and only I know

what it is

19%No

7.3%Yes, but somone else

knows what it is

8

10 percent of those surveyed have no security control required to access their business apps, while 75 percent rely on the weakest form of protection: password protection.

Use of more sophisticated security measures such as one-time passcode (14 percent), encryption (14 percent), face scanner (7 percent) and voice recognition (6 percent) were low.

What type of security controls are required to access business-specific apps?

How wesecure our

business apps“When it comes to securing

business apps on the mobile, basic password protection still

reigns despite more sophisticated and secure approaches

being available.”

There are not any security controls that are required to access the business specific apps that I use

Password

One-time passcode

Fingerprint scanner

Encryption

Voice recognition

Facial recognition

10% 74% 15% 7% 14% 6% 7%WEAK STRONG

9

60 percent of those surveyed sometimes, rarely or never think about security when they are working. Alarmingly, 22 percent of business owners rarely or never think about security.

Clerical workers, however, were among the highest group that think about security all the time, at 49 percent, beaten only by senior managers at 59 percent.

How regularly do you think about the security of what you are accessing when working?

Security isnot front-of-mind

at work

All the time Sometimes Rarely Never

Base

Senior Manager

Clerical

Business Owners

39.7%

43.8%

11.9%

4.6%

59.2%

34.7%

6.1%

43.2%

35.1%

8.1%

13.5%

48.8%

39.0%

9.8%

2.4%

10

Only 28 percent of respondents think the data on their mobile devices is very secure, with a further 60 percent stating that it is quite secure. Just 11.5 percent think that the data on their mobile device is not very secure or not secure at all.

How secure do you think the data is on your mobile device?How

secure is your mobile data?

Very secure

Quite secure

Not very secure

Not secure at all

28% 60% 11% 1%

010 010 0 0 01101111 01110111 0 010 0 0 0 0 01110 011 0110 0101 0110 0 011 01110101 01110 010 0110 0101 0 0 1 0 0 0 0 0 011010 01 01110 011 0 010 0 0 0 0 011110 01 01101111 01110101 01110 010 0 010 0 0 0 0 01101101 01101111 0110 0 010 011010 01 0110110 0 0110 0101 0 010 0 0 0 0 0110 010 0 0110 0 0 01 0111010 0 0110 0 0 01 0 0111111

0 1 0 0 0 1 0 1 01101110 01110100 01110010 01110101 01110011 01110100

11

27 percent of respondents admitted that they have been subjected to a mobile security attack and 26 percent stated that they didn’t know if they have been attacked.

And, while only 6 percent of respondents 55 or older have been subjected to an attack, 31 percent of 16- to 24-year-olds have. The low response in the 55-plus group may be because 60 percent of this group state they don’t know or think they would not know if they had been subject to attack.

Which of the following apply to you?

Recognizingmobile security

attacks The percentage of respondents who admitted that they have been subjected to a mobile security attack.27%

The percentage of respondents who stated that they didn’t know if they have been attacked.26%

12

While close to 27 percent of the sample had a device lost or stolen up to three times in the last 12 months, the majority (71 percent) are more careful, having never had a device they use for work lost or stolen.

The 16- to 24-year-old age group is the most careless, with 43 percent admitting to losing a device in the last 12 months. One respondent in this group had a device lost or stolen nine times and another 10 times in one year.

How many times have you lost or had the mobile device you use for work stolen in the last year?

Is your databeing stolen with mobile

devices? “Close to 27 percent of respondents have had a device lost or stolen up

to three times in the last year.”

Three or More

Twice

Once

Never Lost or Stolen

100%

90%

80%

70%

60%

50%

40%

30%

20%

10%

0%

16-24 25-34 35-44 45-54 55+

Resp

onde

rs

Age Range

13

While most respondents (84 percent) were aware of that their company had an IT policy for mobile devices, a worrying 16 percent stated that either their company did not have an IT policy for mobile devices or that they were not aware of a policy.

And while most respondents were aware that their company had an IT policy for mobile devices, only 56 percent are up to speed with it and adhering to it. So this remains an area with room for improvement.

Which of the following statements best apply to you?

Time to worry? “16 percent of respondents stated

that either their company did not have an IT policy for mobile

devices or that they were not aware of a policy.”

Usersnot following

company mobileIT policies

I am aware of the company’s IT policy for mobile devices and I am up to speed with what it is and adhere to it.

I am aware of the company’s IT policy for mobile devices and I am up to speed with what it is but I am not currently adhering to it.

I am aware that the company has an IT policy for mobile devices but I do not know what it entails.

My company does not have an IT policy for mobile devices that I’m aware of.

My company definitely does not have an IT policy for mobile devices and they are not planning to implement one.

My company definitely does not have an IT policy for mobile devices but are planning to implement one.

56% 15% 13% 10% 6% 1%

14

The proliferation of mobile devices is front and centre for most organisations. As the use of mobile devices and applications grows, and bring-your-own-device (BYOD) initiatives become more commonplace, organisations are increasingly challenged when it comes to properly authenticating both employee-owned and company-issued mobile devices that access corporate systems, data and customer accounts.

To effectively mitigate risk, enable true efficiency and satisfy customers in the mobile environment, organisations must ensure that mobile devices are properly secured. This has to be done, however, in a way that minimises user frustrations.

The report shows that even the best-intentioned users will be irresponsible or haphazard with mobile security from time to time. Organisations have a role to play in encouraging users to be vigilant, even suspicious, to help keep the mobile environment from becoming a point of entry into corporate networks.

At Entrust Datacard, we not only help secure mobile identities and transactions, we also empower organisations to leverage mobile devices to improve overall security and streamline business processes. Entrust Datacard solutions authenticate mobile devices connecting to a network, encrypt and digitally sign mobile email communication, embed identity protection into mobile applications, and monitor transactions to detect fraudulent or unauthorised activity.

As a result, security controls are increased across all channels, enabling more convenience for employees and customers alike. Once secured, organisations have the opportunity to leverage mobile devices to actually improve security in other parts of the business.

Secured mobile devices are effective, popular and may be leveraged as a virtual employee identity to securely access computers, applications, cloud services and even physical doors. And in high-risk situations, mobile can be leveraged to provide identity-assured transactions that effectively defeat malware-based attack.

Mobile offers such advantages that businesses shouldn't let poor user practice get in the way. Companies should seek to put best practice guidelines in place to turn their cantankerous and cavalier users into careful users.

If you would like to know more about how to create a secure mobile environment for your business, download Securing Mobile Identities, Devices & Transactions or contact us on 0118 953 3000.

ConclusionReady to Embrace Mobile?

It’s time to take action to properly secure your mobile environment — and associated identities and information.

15

IndexMore personal devices are in the workplacePage 6

Question 1: Which of the following best applies to you?

Base

Age

16-24 25-34 35-44 45-54 55+

Base 504 82 161 120 93 48

I bring my own mobile device to the office and only use this for work purposes

263 52.2%

58 70.7%

84 52.2%

63 52.5%

38 40.9%

20 41.7%

I use a company-issued mobile device for work purposes only

130 25.8%

11 13.4%

42 26.1%

29 24.2%

30 32.3%

18 37.5%

I can use a company-issued mobile device, but also bring my own mobile device to the office and can choose which I use for work purposes

111 22.0%

13 15.9%

35 21.7%

28 23.3%

25 26.9%

10 20.8%

Are basic mobile security controls in use?Page 7

Question 2: When using your mobile device for work purposes, do you use a PIN lock for added security?

Base

Age

16-24 25-34 35-44 45-54 55+

Base 504 82 161 120 93 48

Yes, and only I know what it is371

73.6%65

79.3%121

75.2%100

83.3%58

62.4%27

56.3%

No96

19.0%10

12.2%23

14.3%12

10.0%30

32.3%21

43.8%

Yes, and my colleague(s) and/or a friend(s)/family member(s) know what it is

37 7.3%

7 8.5%

17 10.6%

8 6.7%

5 5.4%

– –

16

Index

How we secure our business appsPage 8

Question 3: What type of security controls are required to access business-specific apps?

Base 445

There are not any security controls that are required to access the business-specific apps that I use

43 9.7%

Password331

74.4%

One-time passcode66

14.8%

Fingerprint scanner29

6.5%

Encryption63

14.2%

Voice recognition27

6.1%

Facial recognition29

6.5%

Other1

0.2%

17

Index

Security is not front-of-mind at workPage 9

Question 4: How regularly do you think about the security of what you are accessing when working?

Base

Job Role

ClericalManual - unskilled

Manual - skilled

Graduate entry level

Base 504 41 37 108 32

All the time200

39.7%20

48.8%10

27.0%41

38.0%13

40.6%

Sometimes221

43.8%16

39.0%17

45.9%50

46.3%14

43.8%

Rarely60

11.9%4

9.8%9

24.3%10

9.3%3

9.4%

Never23

4.6%1

2.4%1

2.7%7

6.5%2

6.3%

Job Role

Junior manager

Middle manager

Senior manager

DirectorBusiness owner

Base 82 109 49 9 37

All the time30

36.6%38

34.9%29

59.2%3

33.3%16

43.2%

Sometimes38

46.3%51

46.8%17

34.7%5

55.6%13

35.1%

Rarely10

12.2%17

15.6%3

6.1%1

11.1%3

8.1%

Never4

4.9%3

2.8%– –

– –

5 13.5%

18

Index

How secure is your mobile data?Page 10

Question 5: How secure do you think the data is on your mobile device?

Base 504

Very secure142

28.2%

Quite secure304

60.3%

Not very secure54

10.7%

Not secure at all4

0.8%

Question 6: Which device do you use the most?

Base

Age

16-24 25-34 35-44 45-54 55+

Base 492 82 158 117 89 46

Desktop317

64.4%41

50.0%100

63.3%77

65.8%66

74.2%33

71.7%

Mobile175

35.6%41

50.0%58

36.7%40

34.2%23

25.8%13

28.3%

19

Index

Recognizing mobile security attacks Page 11

Question 7: Which of the following apply to you?

Base

Age

16-24 25-34 35-44 45-54 55+

Base 504 82 161 120 93 48

I definitely have not been subject to a mobile security attack

135 26.8%

16 19.5%

41 25.5%

32 26.7%

27 29.0%

19 39.6%

I don’t know whether I have been subject to a mobile security attack

134 26.6%

24 29.3%

41 25.5%

34 28.3%

26 28.0%

9 18.8%

I would know if my mobile device had been hacked

108 21.4%

15 18.3%

44 27.3%

27 22.5%

14 15.1%

8 16.7%

I don’t think I would know if my mobile device had been hacked

106 21.0%

11 13.4%

24 14.9%

28 23.3%

27 29.0%

16 33.3%

I have been subject to a mobile security attack

88 17.5%

26 31.7%

35 21.7%

17 14.2%

7 7.5%

3 6.3%

I definitely would not know if my mobile device had been hacked

22 4.4%

2 2.4%

3 1.9%

4 3.3%

9 9.7%

4 8.3%

20

Index

Is your data being stolen with mobile devices? Page 12

Question 8: How many times have you lost or had the mobile device you use for work stolen in the last year?

Base

Age

16-24 25-34 35-44 45-54 55+

Base 504 82 161 120 93 48

Never360

71.4%46

56.1%100

62.1%89

74.2%81

87.1%44

91.7%

Once73

14.5%17

20.7%31

19.3%16

13.3%7

7.5%2

4.2%

Twice49

9.7%11

13.4%20

12.4%12

10.0%4

4.3%2

4.2%

Three times13

2.6%2

2.4%8

5.0%2

1.7%1

1.1%– –

Four times3

0.6%2

2.4%1

0.6%– –

– –

– –

Five times1

0.2%– –

1 0.6%

– –

– –

– –

Six times2

0.4%2

2.4%– –

– –

– –

– –

Seven times– –

– –

– –

– –

– –

– –

Eight times1

0.2%– –

– –

1 0.8%

– –

– –

Nine times1

0.2%1

1.2%– –

– –

– –

– –

Ten times1

0.2%1

1.2%– –

– –

– –

– –

21

Index

Users not following company mobile IT policiesPage 13

Question 9: Which of the following statements best apply to you?

Base 504

I am aware of the company’s IT policy for mobile devices and I am up to speed with what it is and adhere to it

282 56.0%

I am aware of the company’s IT policy for mobile devices and I am up to speed with what it is but I am not currently adhering to it

75 14.9%

I am aware that the company has an IT policy for mobile devices but I do not know what it entails

64 12.7%

My company does not have an IT policy for mobile devices that I’m aware of

50 9.9%

My company definitely does not have an IT policy for mobile devices and they are not planning to implement one

29 5.8%

My company definitely does not have an IT policy for mobile devices but are planning to implement one

4 0.8%

Entrust offers software authentication platforms that strengthen security in a wide range of identity and transaction ecosystems. Government agencies, financial institutions and other enterprises rely on Entrust solutions to strengthen trust and reduce complexity for consumers, citizens and employees.

Now, as part of Datacard Group, Entrust offers an expanded portfolio of solutions across more than 150 countries. Together, Datacard Group and Entrust issue more than 10 million secure identities every day, manage billions of secure transactions annually and issue a majority of the world’s financial cards.

For more information about Entrust solutions, call +1 888-690-2424, email entrust@entrust.com or visit www.entrust.com.

Company FactsWebsite: entrust.com Employees: 359 Customers: 5,000 Offices: 10 globally

HeadquartersThree Lincoln Centre 5430 LBJ Freeway Suite 1250 Dallas, TX 75240 USA

SalesNorth America: +1-888-690-2424 EMEA: +44 (0) 118 953 3000 Email: entrust@entrust.com

Entrustand you

“More than ever, Entrust understands your organization’s

security pain points.”

Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. Entrust is a registered trademark of Entrust Limited in Canada. All other company and product names are trademarks or registered trademarks of their respective owners. The material provided in this document is for information purposes only. It is not intended to be advice. You should not act or abstain from acting based upon such information without first consulting a professional. ENTRUST DOES NOT WARRANT THE QUALITY, ACCURACY OR COMPLETENESS OF THE INFORMATION CONTAINED IN THIS ARTICLE. SUCH INFORMATION IS PROVIDED “AS IS” WITHOUT ANY REPRESENTATIONS AND/OR WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, BY USAGE OF TRADE, OR OTHERWISE, AND ENTRUST SPECIFICALLY DISCLAIMS ANY AND ALL REPRESENTATIONS, AND/OR WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, NON-INFRINGEMENT, OR FITNESS FOR A SPECIFIC PURPOSE.

30097-1-1214