Even after NOTW phone hacking news most cell users don't use a PIN to lock their devices. How do you make sure employees do?


We all keep lots of things on our smartphones that we probably would like to keep secure. Just ask Scarlet Johansson or any of the people who had their voicemail hacked by News of the World "journalists". It's one thing when it is something personal (even very, very personal), but it is far worse from my professional standpoint when it is corporate data. A recent survey from Confident Technologies (see http://www.informationweek.com/blog/mobility/231700155 ) suggests that 65% of smartphones have corporate data on their phones, while only 10% of those phones are actually provided by their employer. Ok, that's one thing, but when you combine it with the stat that less than 50% of users bother to password protect their smartphones, it becomes an area of concern. Beyond telling people to use a password on their smartphones (yeah, sure that will work), how can employees be actually convinced of how important these basic security steps are?

Topic: Security
Answer this Question


2 total
Vote Up (12)

I think a big part of the problem is that many people just do what they want, no matter the corporate policy.  It is human nature to minimize appreciation of risk, with the implicit assumption being more or less that bad things happen to other people.  If you happen to live in a state without motorcycle helmet law, just look at the number of people that ride without any protective gear.  I've actually worked with a guy that crashed his bike and spent time in ICU who then made fun of me for wearing a helmet, asking me whether I was planning to crash and that if I was afraid of motorcycles maybe I shouldn't ride them.  The funny thing about that is I actually race sportbikes at the amateur level, while he just rides a cruiser around town, and I've walked away from a high speed get off.  Like I said, it's human nature to deny risk instead of managing them.  If ICU can't teach people about risk mitigation, it's a good bet that a corporate memo outlining security risks of smartphones is going to fall on deaf ears.


It might still be worth a shot to send out a memo reminding people of all the recent phone hacking scandals, and perhaps establishing a zero tolerance policy for employees leaving their smartphones unprotected if they are used for work related purposes.  Even if there is no practical way to enforce it, perhaps it would get a few more employees to take basic security measures.  

Vote Up (9)

Perhaps the best way is for the company to issue the smartphone. That way it could be sure that any phones in use will be set up properly for security. Failing that, I am not sure how a company would be able to properly monitor phones that were brought in by employees. I suppose they could require a security check on personal phones, but that could be intrusive.

Ask a question

Join Now or Sign In to ask a question.
Almost 500,000 patient records have been hacked from the servers of the Harley Medical Group, the plastic surgery firm which has clinics across the UK.
Security researchers have found that many satellite communication systems have vulnerabilities and design flaws that can let remote attackers intercept, manipulate, block and in some cases take full control of critical communications.
The U.S. commercial drone industry is still struggling to get off the ground more than two years after President Obama signed into law a bill that permits the civilian use of unmanned aerial vehicles (UAV) over the country's airspace.
Sure, you’ve changed a bunch of passwords, but are you doing all you can to protect yourself?
About 2.6 million payment cards at Michaels Stores and another 400,000 at subsidiary Aaron Brothers may have been affected in a card skimming attack that compromised its point-of-sale systems, the retailer said Thursday.
National security may be at stake as private businesses try to manage a growing number of cyberthreats, but IT professionals shouldn't have to bear that burden alone.
Worried about how the Heartbleed vulnerability may affect your personal accounts? A new tool may be of help.
Whether it's the first time you've picked up an iPad or the seventeenth time you've pulled out your iPhone today, there are probably still some iOS 7 features and functionality that you're not familiar with. Don't sweat it: We're here to help. We've collected some of our favorite and most useful tips and compiled them here, just for you.
The Tor Project has flagged 380 Tor relays vulnerable to the critical Heartbleed flaw to be rejected from the Tor anonymity network, reducing the network's entry and exit capacity.
Cybercriminals have started using a sophisticated Android Trojan app designed for e-banking fraud to target Facebook users, possibly in an attempt to bypass the two-factor authentication protection on the social network.

White Papers & Webcasts

See more White Papers | Webcasts