BYOD Survey: 47% of Users Lack a Password on Smartphones Accessing Company Files
I got an email today suggesting I read this August 14, 2012 blog entry byCCI on Corporate Compliance Insights:
BYOD Survey: 47% of Users Lack a Password on Smartphones Accessing Company Files
Ouch! Yikes! Zounds!
It's kind of scary to think that you can spend a gazillion dollars and resource hours on data protection, VPNs, endpoint management, acceptable use/security/compliance documentation and so on and your sensitive data can still be out there unprotected, particularly when so many devices get lost. Intrigued, I ran with this a bit and coupled it with a separate blog posting on infosec ISLAND titled:
Nearly Five Percent of All Smartphones Lost Every Yearby, Robert SicilianoPublished on Tuesday, March 20, 2012.
Here is an abstract from his blog article (it is short and concise - read the whole thing):
“…Approximately 62% of smartphones are company owned devices assigned to employees for business use. 38% are personally owned and are used for business. Roughly 4.3% of these employee smartphones are lost or stolen each year.
Of the 142,706 smartphones reported missing by the 439 businesses surveyed, only 9,298—7%—were recovered. 13% of the missing smartphones were lost in the workplace, 29% were lost while traveling, and 47% were lost while employees were working away from the office, either at home or hotel rooms.
Employees were unsure where the remaining 11% were lost. And despite the fact that 60% of missing smartphones are believed to contain sensitive and confidential information, 57% were not protected with available security features. …”
-Robert Siciliano-
Pretty scary stuff.
So, doing the math (duly noted that this is nowhere near a statistically accurate method), 143000 phones (no mention of iPads and Android devices) floated around with 47% of them having no passcodes.
143K X 47% = 67210
60% of these are believed to contain sensitive information. That’s over 40,000 devices. Any of them yours?
- Medical information = HIPAA compliance issue?
- CEO strategic plan info = competitors’ dream? Steve Job's stolen iPad given to Kenny the Clown (no relation)
- DOD = Wikileaks?
“D’oh!”
-Homer Simpson-
So – what to do? Sift endlessly through mobile device management vendor information while BYOD devices expose us to more risk? Isn’t this pretty urgent stuff?
Why not just use what you already own?
One easy solution for iOS,( i.e., iPad and iPhones) using System Center Configuration Manager and QMX – Configuration Manager Mobile Edition:
1. 1. Find the devices with no passcodes
If you have System Center Configuration Manager, you can use built in, native reporting to find all the devices that do not have passcodes.
2. Create a profile with the desired passcode requirements – simple to really complex
3. Put the profile in a SCCM package (and add other profile info like POP/IMAP email, WiFi, VPN settings) and deploy it to the collection of those who don’t have passcodes – or, preferablhy - to all devices
Done
With QMX – Configuration Manger Mobile Edition (both SCCM 2012 and 2007), you can always selectively wipe the profiles that you put on a BYOD device without messing with the user’s personal stuff. And you can choose to make the profiles mandatory or not.
With QMX you can remotely lock, selectively wipe, totally wipe, clear passcodes – everything. So, don’t lose time worrying about it. With SCCM and QMX, you can rest assured that when mobile devices get lost – and they will – that your sensitive data won’t be found.
“Lost time is never found again.”
-Benjamin Franklin-
Related blog post:
BYOD : Combining System Center Configuration Manager ( SCCM ) and QMX to Manage iPads, iPhones and Androids in the Bring Your Own Device world
Videos | Free Trial Download | Contacts
Check out the QMX Videos
Check out the new Android extension: Security features include Remote Wipe, Lock and Reset Passcode; Inventory information showing installed applications and device/OS properties; set password requirements via profile distribution and more.
Check out the new iOS extension: All of the above and app deployment, too!
Other Helpful Links
Questions?
Contact SystemCenterSales@quest.com
