· table. of contents. how secure is your mobile data? page 10. security is not front-of-mind at...
TRANSCRIPT
+1-888-690-2424entrust.com
Study shows both business owners and users are careless with mobile devices, highlighting need for comprehensive mobile security
Careful to Cavalier: How Cautious are Your Mobile Users?
Tableof contents
How secure is your mobile data?Page 10
Security is not front-of-mind at workPage 9
How we secure our business appsPage 8
Are basic mobile security controls in use?Page 7
More personal devices are in the workplacePage 6
Users and businesses alike must get more security savvyPage 5
The rise of mobile Page 4
The studyPage 4
IndexPage 15
ConclusionPage 14
Users not following company mobile IT policiesPage 13
Is your data being stolen with mobile devices? Page 12
Recognizing mobile security attacks Page 11Table
of contentscontinued …
4
New research that looks at mobile security in the UK reveals that business owners and users are haphazard and half-hearted in their approach to keeping mobile devices secure, putting both personal and business data at risk.
Research recently undertaken by Entrust Datacard, a leading provider of trusted identity and secure transaction technologies, provides a compelling snapshot of the state of mobile security in the UK today.
The study was conducted by Opinion Matters, on behalf of Entrust Datacard, from May 29, 2014, to June 3, 2014. The sample base included 504 UK-based users who use mobile devices for work-related activities.
Businesses are now more global, more responsive and more mobile than ever before. Today, however, mobility is about much more than just communication on-the-go. It’s about technology that enables the extended enterprise to securely connect and collaborate, linking customers, partners and employees to valuable online information services from any device — virtually any place and at any time.
Cisco published statistics1 that demonstrate how user demand is driving every business down the mobile route. By 2018 there will be 4.9 billion mobile users, up from 4.1 billion in 2013. And according to IDC, by 2017 total smartphone shipments are expected to approach 1.7 billion units, resulting in compound annual growth of 18.4 percent from 2013 to 2017.2
For businesses, the proliferation of both company-owned devices and BYOD (bring your own device) are causing IT considerable headaches, especially when it comes to security.
The study
The rise ofmobile
1 “Cisco VNI Global Mobile Data Forecast Update (2013–2018),” Cisco Systems Inc., Feb. 5, 2014. 2 “IDC Finds Worldwide Smartphone Shipments on Pace to Grow Nearly 40% in 2013 While Average Selling Prices Decline
More Than 12%,” Worldwide Quarterly Mobile Phone Tracker, International Data Corporation (IDC), Nov. 26, 2013.
5
There are exponential threats in identity, fraud and cybersecurity. Increases in applications, devices and identities per user offer increasing opportunities for attack. The good news is that mobile devices are, in fact, highly secure and can be made more so with additional security measures in place.
With this in mind, we explored whether UK workers and businesses really understand the implications of security threats on the mobile and if they are taking the right precautions when it comes to securing their mobile environments.
Our findings show that UK users and businesses alike are largely half-hearted in their approach to mobile security. And, even though they may know that a specific mobile device might not be secure — and despite company security policies in place — many users are not adhering to policy.
Our latest report, ‘Risky Business: The State of Mobile Security in the UK,’ explores these trends and provides a compelling, informative and worthwhile insight into the use of mobile in business today.
Usersand businessesmust get more security savvy
The Three Types of Mobile UsersThe study identified three types of user approaches to mobile security:
| Careful Consistently apply basic security approaches to protect the data on their mobile devices (74 percent use a PIN lock and never share it with anyone) and they always think about the security of what they’re accessing when at work (40 percent). They are also aware of their company’s mobile IT policy and adhere to it (53 percent).
| Cavalier Apply basic security approaches to protect the data on their mobile devices, but freely share their PIN lock with colleagues and/or friends and family members. They sometimes think about the security of what they are accessing at work (44 percent) and while they are aware that their company has a mobile IT policy, they do not know what it entails (13 percent).
| Cantankerous Do not apply basic security approaches to protect the data on their mobile devices (19 percent do not use a PIN lock at all) and they rarely or never think about the security of what they are accessing when at work (17 percent). And while they are aware of their company’s mobile IT policy, they do not adhere to it (15 percent).
6
More than 20 percent of those surveyed are offered a company-owned mobile device but are also able to bring in their own personal mobile — and they can choose which one they use for work. More than 50 percent bring in their own mobile device and use it for work.
With over 70 percent either using their own device or being able to choose to use their own devises at work, this poses a challenge to IT departments as they struggle to put policies and procedures in place to protect corporate data. This challenge is compounded as users increasingly want the ability to use any device in the corporate environment.
And once you look at the age demographics, this is a trend that looks set to continue. More so than any other age group, Generation Y value the freedom of choice to use their own device, with 70 percent of those aged 16-24 bringing their own mobile device to work and only use it for work purposes.
More personaldevices are in
the workplace
“70 percent of Generation Y bring their own mobile device to work and only use it for work purposes.”70%
7
Nearly one fifth of respondents (19 percent) don’t use a PIN lock to keep their mobile device secure. Over one quarter of respondents don’t use a PIN lock at all or they freely share it with other people (26 percent). This poor practice increases dramatically for the age groups 45-54 and 55-plus, with 37 percent and 43 percent, respectively.
When using your mobile device for work purposes, do you use a PIN lock for added security?
Are basicmobile security controls in use?
“Over a quarter of respondents either don’t use a PIN lock or
share their pin lock with friends and family.”
73.6%Yes, and only I know
what it is
19%No
7.3%Yes, but somone else
knows what it is
8
10 percent of those surveyed have no security control required to access their business apps, while 75 percent rely on the weakest form of protection: password protection.
Use of more sophisticated security measures such as one-time passcode (14 percent), encryption (14 percent), face scanner (7 percent) and voice recognition (6 percent) were low.
What type of security controls are required to access business-specific apps?
How wesecure our
business apps“When it comes to securing
business apps on the mobile, basic password protection still
reigns despite more sophisticated and secure approaches
being available.”
There are not any security controls that are required to access the business specific apps that I use
Password
One-time passcode
Fingerprint scanner
Encryption
Voice recognition
Facial recognition
10% 74% 15% 7% 14% 6% 7%WEAK STRONG
9
60 percent of those surveyed sometimes, rarely or never think about security when they are working. Alarmingly, 22 percent of business owners rarely or never think about security.
Clerical workers, however, were among the highest group that think about security all the time, at 49 percent, beaten only by senior managers at 59 percent.
How regularly do you think about the security of what you are accessing when working?
Security isnot front-of-mind
at work
All the time Sometimes Rarely Never
Base
Senior Manager
Clerical
Business Owners
39.7%
43.8%
11.9%
4.6%
59.2%
34.7%
6.1%
43.2%
35.1%
8.1%
13.5%
48.8%
39.0%
9.8%
2.4%
10
Only 28 percent of respondents think the data on their mobile devices is very secure, with a further 60 percent stating that it is quite secure. Just 11.5 percent think that the data on their mobile device is not very secure or not secure at all.
How secure do you think the data is on your mobile device?How
secure is your mobile data?
Very secure
Quite secure
Not very secure
Not secure at all
28% 60% 11% 1%
010 010 0 0 01101111 01110111 0 010 0 0 0 0 01110 011 0110 0101 0110 0 011 01110101 01110 010 0110 0101 0 0 1 0 0 0 0 0 011010 01 01110 011 0 010 0 0 0 0 011110 01 01101111 01110101 01110 010 0 010 0 0 0 0 01101101 01101111 0110 0 010 011010 01 0110110 0 0110 0101 0 010 0 0 0 0 0110 010 0 0110 0 0 01 0111010 0 0110 0 0 01 0 0111111
0 1 0 0 0 1 0 1 01101110 01110100 01110010 01110101 01110011 01110100
11
27 percent of respondents admitted that they have been subjected to a mobile security attack and 26 percent stated that they didn’t know if they have been attacked.
And, while only 6 percent of respondents 55 or older have been subjected to an attack, 31 percent of 16- to 24-year-olds have. The low response in the 55-plus group may be because 60 percent of this group state they don’t know or think they would not know if they had been subject to attack.
Which of the following apply to you?
Recognizingmobile security
attacks The percentage of respondents who admitted that they have been subjected to a mobile security attack.27%
The percentage of respondents who stated that they didn’t know if they have been attacked.26%
12
While close to 27 percent of the sample had a device lost or stolen up to three times in the last 12 months, the majority (71 percent) are more careful, having never had a device they use for work lost or stolen.
The 16- to 24-year-old age group is the most careless, with 43 percent admitting to losing a device in the last 12 months. One respondent in this group had a device lost or stolen nine times and another 10 times in one year.
How many times have you lost or had the mobile device you use for work stolen in the last year?
Is your databeing stolen with mobile
devices? “Close to 27 percent of respondents have had a device lost or stolen up
to three times in the last year.”
Three or More
Twice
Once
Never Lost or Stolen
100%
90%
80%
70%
60%
50%
40%
30%
20%
10%
0%
16-24 25-34 35-44 45-54 55+
Resp
onde
rs
Age Range
13
While most respondents (84 percent) were aware of that their company had an IT policy for mobile devices, a worrying 16 percent stated that either their company did not have an IT policy for mobile devices or that they were not aware of a policy.
And while most respondents were aware that their company had an IT policy for mobile devices, only 56 percent are up to speed with it and adhering to it. So this remains an area with room for improvement.
Which of the following statements best apply to you?
Time to worry? “16 percent of respondents stated
that either their company did not have an IT policy for mobile
devices or that they were not aware of a policy.”
Usersnot following
company mobileIT policies
I am aware of the company’s IT policy for mobile devices and I am up to speed with what it is and adhere to it.
I am aware of the company’s IT policy for mobile devices and I am up to speed with what it is but I am not currently adhering to it.
I am aware that the company has an IT policy for mobile devices but I do not know what it entails.
My company does not have an IT policy for mobile devices that I’m aware of.
My company definitely does not have an IT policy for mobile devices and they are not planning to implement one.
My company definitely does not have an IT policy for mobile devices but are planning to implement one.
56% 15% 13% 10% 6% 1%
14
The proliferation of mobile devices is front and centre for most organisations. As the use of mobile devices and applications grows, and bring-your-own-device (BYOD) initiatives become more commonplace, organisations are increasingly challenged when it comes to properly authenticating both employee-owned and company-issued mobile devices that access corporate systems, data and customer accounts.
To effectively mitigate risk, enable true efficiency and satisfy customers in the mobile environment, organisations must ensure that mobile devices are properly secured. This has to be done, however, in a way that minimises user frustrations.
The report shows that even the best-intentioned users will be irresponsible or haphazard with mobile security from time to time. Organisations have a role to play in encouraging users to be vigilant, even suspicious, to help keep the mobile environment from becoming a point of entry into corporate networks.
At Entrust Datacard, we not only help secure mobile identities and transactions, we also empower organisations to leverage mobile devices to improve overall security and streamline business processes. Entrust Datacard solutions authenticate mobile devices connecting to a network, encrypt and digitally sign mobile email communication, embed identity protection into mobile applications, and monitor transactions to detect fraudulent or unauthorised activity.
As a result, security controls are increased across all channels, enabling more convenience for employees and customers alike. Once secured, organisations have the opportunity to leverage mobile devices to actually improve security in other parts of the business.
Secured mobile devices are effective, popular and may be leveraged as a virtual employee identity to securely access computers, applications, cloud services and even physical doors. And in high-risk situations, mobile can be leveraged to provide identity-assured transactions that effectively defeat malware-based attack.
Mobile offers such advantages that businesses shouldn't let poor user practice get in the way. Companies should seek to put best practice guidelines in place to turn their cantankerous and cavalier users into careful users.
If you would like to know more about how to create a secure mobile environment for your business, download Securing Mobile Identities, Devices & Transactions or contact us on 0118 953 3000.
ConclusionReady to Embrace Mobile?
It’s time to take action to properly secure your mobile environment — and associated identities and information.
15
IndexMore personal devices are in the workplacePage 6
Question 1: Which of the following best applies to you?
Base
Age
16-24 25-34 35-44 45-54 55+
Base 504 82 161 120 93 48
I bring my own mobile device to the office and only use this for work purposes
263 52.2%
58 70.7%
84 52.2%
63 52.5%
38 40.9%
20 41.7%
I use a company-issued mobile device for work purposes only
130 25.8%
11 13.4%
42 26.1%
29 24.2%
30 32.3%
18 37.5%
I can use a company-issued mobile device, but also bring my own mobile device to the office and can choose which I use for work purposes
111 22.0%
13 15.9%
35 21.7%
28 23.3%
25 26.9%
10 20.8%
Are basic mobile security controls in use?Page 7
Question 2: When using your mobile device for work purposes, do you use a PIN lock for added security?
Base
Age
16-24 25-34 35-44 45-54 55+
Base 504 82 161 120 93 48
Yes, and only I know what it is371
73.6%65
79.3%121
75.2%100
83.3%58
62.4%27
56.3%
No96
19.0%10
12.2%23
14.3%12
10.0%30
32.3%21
43.8%
Yes, and my colleague(s) and/or a friend(s)/family member(s) know what it is
37 7.3%
7 8.5%
17 10.6%
8 6.7%
5 5.4%
– –
16
Index
How we secure our business appsPage 8
Question 3: What type of security controls are required to access business-specific apps?
Base 445
There are not any security controls that are required to access the business-specific apps that I use
43 9.7%
Password331
74.4%
One-time passcode66
14.8%
Fingerprint scanner29
6.5%
Encryption63
14.2%
Voice recognition27
6.1%
Facial recognition29
6.5%
Other1
0.2%
17
Index
Security is not front-of-mind at workPage 9
Question 4: How regularly do you think about the security of what you are accessing when working?
Base
Job Role
ClericalManual - unskilled
Manual - skilled
Graduate entry level
Base 504 41 37 108 32
All the time200
39.7%20
48.8%10
27.0%41
38.0%13
40.6%
Sometimes221
43.8%16
39.0%17
45.9%50
46.3%14
43.8%
Rarely60
11.9%4
9.8%9
24.3%10
9.3%3
9.4%
Never23
4.6%1
2.4%1
2.7%7
6.5%2
6.3%
Job Role
Junior manager
Middle manager
Senior manager
DirectorBusiness owner
Base 82 109 49 9 37
All the time30
36.6%38
34.9%29
59.2%3
33.3%16
43.2%
Sometimes38
46.3%51
46.8%17
34.7%5
55.6%13
35.1%
Rarely10
12.2%17
15.6%3
6.1%1
11.1%3
8.1%
Never4
4.9%3
2.8%– –
– –
5 13.5%
18
Index
How secure is your mobile data?Page 10
Question 5: How secure do you think the data is on your mobile device?
Base 504
Very secure142
28.2%
Quite secure304
60.3%
Not very secure54
10.7%
Not secure at all4
0.8%
Question 6: Which device do you use the most?
Base
Age
16-24 25-34 35-44 45-54 55+
Base 492 82 158 117 89 46
Desktop317
64.4%41
50.0%100
63.3%77
65.8%66
74.2%33
71.7%
Mobile175
35.6%41
50.0%58
36.7%40
34.2%23
25.8%13
28.3%
19
Index
Recognizing mobile security attacks Page 11
Question 7: Which of the following apply to you?
Base
Age
16-24 25-34 35-44 45-54 55+
Base 504 82 161 120 93 48
I definitely have not been subject to a mobile security attack
135 26.8%
16 19.5%
41 25.5%
32 26.7%
27 29.0%
19 39.6%
I don’t know whether I have been subject to a mobile security attack
134 26.6%
24 29.3%
41 25.5%
34 28.3%
26 28.0%
9 18.8%
I would know if my mobile device had been hacked
108 21.4%
15 18.3%
44 27.3%
27 22.5%
14 15.1%
8 16.7%
I don’t think I would know if my mobile device had been hacked
106 21.0%
11 13.4%
24 14.9%
28 23.3%
27 29.0%
16 33.3%
I have been subject to a mobile security attack
88 17.5%
26 31.7%
35 21.7%
17 14.2%
7 7.5%
3 6.3%
I definitely would not know if my mobile device had been hacked
22 4.4%
2 2.4%
3 1.9%
4 3.3%
9 9.7%
4 8.3%
20
Index
Is your data being stolen with mobile devices? Page 12
Question 8: How many times have you lost or had the mobile device you use for work stolen in the last year?
Base
Age
16-24 25-34 35-44 45-54 55+
Base 504 82 161 120 93 48
Never360
71.4%46
56.1%100
62.1%89
74.2%81
87.1%44
91.7%
Once73
14.5%17
20.7%31
19.3%16
13.3%7
7.5%2
4.2%
Twice49
9.7%11
13.4%20
12.4%12
10.0%4
4.3%2
4.2%
Three times13
2.6%2
2.4%8
5.0%2
1.7%1
1.1%– –
Four times3
0.6%2
2.4%1
0.6%– –
– –
– –
Five times1
0.2%– –
1 0.6%
– –
– –
– –
Six times2
0.4%2
2.4%– –
– –
– –
– –
Seven times– –
– –
– –
– –
– –
– –
Eight times1
0.2%– –
– –
1 0.8%
– –
– –
Nine times1
0.2%1
1.2%– –
– –
– –
– –
Ten times1
0.2%1
1.2%– –
– –
– –
– –
21
Index
Users not following company mobile IT policiesPage 13
Question 9: Which of the following statements best apply to you?
Base 504
I am aware of the company’s IT policy for mobile devices and I am up to speed with what it is and adhere to it
282 56.0%
I am aware of the company’s IT policy for mobile devices and I am up to speed with what it is but I am not currently adhering to it
75 14.9%
I am aware that the company has an IT policy for mobile devices but I do not know what it entails
64 12.7%
My company does not have an IT policy for mobile devices that I’m aware of
50 9.9%
My company definitely does not have an IT policy for mobile devices and they are not planning to implement one
29 5.8%
My company definitely does not have an IT policy for mobile devices but are planning to implement one
4 0.8%
Entrust offers software authentication platforms that strengthen security in a wide range of identity and transaction ecosystems. Government agencies, financial institutions and other enterprises rely on Entrust solutions to strengthen trust and reduce complexity for consumers, citizens and employees.
Now, as part of Datacard Group, Entrust offers an expanded portfolio of solutions across more than 150 countries. Together, Datacard Group and Entrust issue more than 10 million secure identities every day, manage billions of secure transactions annually and issue a majority of the world’s financial cards.
For more information about Entrust solutions, call +1 888-690-2424, email [email protected] or visit www.entrust.com.
Company FactsWebsite: entrust.com Employees: 359 Customers: 5,000 Offices: 10 globally
HeadquartersThree Lincoln Centre 5430 LBJ Freeway Suite 1250 Dallas, TX 75240 USA
SalesNorth America: +1-888-690-2424 EMEA: +44 (0) 118 953 3000 Email: [email protected]
Entrustand you
“More than ever, Entrust understands your organization’s
security pain points.”
Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. Entrust is a registered trademark of Entrust Limited in Canada. All other company and product names are trademarks or registered trademarks of their respective owners. The material provided in this document is for information purposes only. It is not intended to be advice. You should not act or abstain from acting based upon such information without first consulting a professional. ENTRUST DOES NOT WARRANT THE QUALITY, ACCURACY OR COMPLETENESS OF THE INFORMATION CONTAINED IN THIS ARTICLE. SUCH INFORMATION IS PROVIDED “AS IS” WITHOUT ANY REPRESENTATIONS AND/OR WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, BY USAGE OF TRADE, OR OTHERWISE, AND ENTRUST SPECIFICALLY DISCLAIMS ANY AND ALL REPRESENTATIONS, AND/OR WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, NON-INFRINGEMENT, OR FITNESS FOR A SPECIFIC PURPOSE.
30097-1-1214