The holiday season is upon us and, as usual, many people are planning on taking time off from work. But with the proliferation of mobile devices such as smartphones, “time off” doesn’t exactly mean what it used to. Symantec recently conducted a survey to uncover enterprise mobile device users’ expected smartphone habits and usage patterns – particularly those that relate to mobile security and management – while out of the office over the holiday season and in general. Here is a look at the key findings:
The interesting thing about this finding is that 62 percent of respondents do not simply plan to access confidential data on their smartphones, but expect they will need to access this sensitive data while away from the office during the holiday season. Sure, respondents might access and view this data in the privacy of their home, but in all likelihood, many will do so in public, possibly while standing in a crowded shopping mall or sitting in a movie theater with strangers all around. The point here is that mobile device users need to be aware of their surroundings and the potential criminals lurking over their shoulder dying for a sneak peek at those employee social security numbers or that network username and password.
To be honest, we were a little surprised that only 18 percent said they actually pay very close attention to license agreements when downloading mobile apps. Surprised, but not pleased, that is. Our hope was that even more smartphone users are paying closer attention to the data and services they are giving apps permission to access.
Now we’re fully aware that most users do not really read license agreements when installing software on their computers, but the fact of the matter is users are naturally a little more wary of what gets installed on their computers and are therefore at less risk in this regard than on smartphones. With mobile devices, downloading a new app is almost done without any thought at all, it has become second nature. To add to this, desktop or laptop computers typically don’t have built-in GPS technology like most smartphones do. Thus, because an app could potentially track a users’ geo-location by having access to the phone’s GPS, personal safety becomes a real concern, especially if a user doesn’t even know they are giving that information away.
There was really no surprise that work-related and personal email, phone calls and texting topped the list of activities being done during the holidays. Not far behind, however, was surfing the Web and accessing social networking sites. Aside from phone calls, these activities could be considered higher risk in terms of encountering a mobile threat and highlight the fact that attackers have plenty of channels available to them to attack smartphone users. Another thing that stuck out to us was despite the high number of respondents who said they plan on surfing the Web and accessing social networking sites, a relatively low number (only 20 percent) said online shopping from their Smartphone is on their agenda.
Combined, these findings tell us that users are catching on to a key security best practice, but they aren’t quite there yet. Only 14 percent of respondents said they are very likely to open an unsolicited email message from an unknown sender, which tells us users have gotten the message that such emails likely carry malware or a link to a malicious website. However, more than twice as many – 29 percent – said they are very likely to open an unsolicited text message from an unknown sender. Since these messages can lead to malware, phishing and other threats just the same as other more traditional methods, users need to apply the same discretion they use in opening unsolicited emails to text messages.
The findings also revealed that the loss or theft of a device is the primary security concern among most users. However, malware held a strong position as the second greatest concern.
Perhaps related to the previous finding, one of the most encouraging results was that the vast majority of respondents use the “lock” feature on their smartphones. Better yet, the majority of those respondents said they actually have their smartphones configured to require a password to unlock the devices. These practices can go a long way in protecting data if a device indeed does fall into the hands of a criminal.
To close, here is a quick recap of the top mobile security and management best practices users and enterprises alike should follow. These will help keep both mobile devices and the data accessible through them safe throughout the holiday season and beyond:
- Encrypt the data on your mobile device – The business-related and even personal information stored on mobile devices is often sensitive. Encrypting this data is a must. If a device is lost and the SIM card stolen, the thief will not be able to access the data if the proper encryption technology is loaded on the device.
- If at all possible, use security software on your smartphone – Security software specifically designed for smartphones can stop hackers and prevent cybercriminals from stealing your information or spying on you when you use public networks. It can also eliminate annoying text and multimedia spam messages. It can detect and remove viruses and other mobile threats before they cause you problems.
- Make sure all software is up-to-date – Mobile devices must be treated just like PCs in that all software on the devices needs to be kept up-to-date, especially the security software. This will protect the device from new variants of malware and viruses that threaten your company’s critical information. Enterprises should consider implementing a mobile management solution to ease this process.
- Use caution when enabling Bluetooth connections – A phone’s Bluetooth setting is usually on by default, so it will need to be turned off or paired with a device. If not, the phone will look for other Bluetooth-enabled devices to connect to, and could result in malware being loaded onto the device.
- Avoid opening unexpected text messages from unknown senders– Just like emails, attackers can use text messages to spread malware, phishing scams and other threats among mobile device users. The same caution should be applied to opening unsolicited text messages that users have become accustomed to with email.
- Users should be aware of their surroundings when accessing sensitive information – Whether entering passwords or viewing sensitive or confidential data, users should be cautious of who might be looking over your shoulder.
- Users should password protect access to mobile devices – In addition to encryption and security updates, it’s important to use passwords to protect mobile devices. This will go a long way in keeping a thief from accessing sensitive data if the device is lost or hacked.
- Focus on protecting information as opposed to focusing on the devices – Instead of solely focusing on the mobile devices themselves, IT departments should take a step back and look at where the organization’s information is being stored and should then protect those areas accordingly.
Complete survey results summary:
|
1. In which world region are you located?
|
|
North America
|
|
58%
|
|
Mexico / Latin America
|
|
3%
|
|
Europe, Middle East, Africa
|
|
32%
|
|
Asia, Pacific Islands
|
|
6%
|
|
India
|
|
2%
|
|
Total
|
100%
|
|
2. Do you use a smartphone (i.e. BlackBerry, Android device, iPhone, Windows Mobile phone) in connection with your employment?
|
|
Yes
|
|
100%
|
|
No
|
|
0%
|
|
Total
|
100%
|
|
3. Do you anticipate taking time off from work in connection to the upcoming holiday season (i.e. Thanksgiving, Christmas, Kwanzaa, Hanukkah)?
|
|
Yes
|
|
92%
|
|
No
|
|
8%
|
|
Total
|
100%
|
|
4. Which of the following do you expect to use your smartphone for while taking time off from work in connection to the upcoming holiday season? (Please select all that apply.)
|
|
Work-related email
|
|
81%
|
|
Personal email
|
|
77%
|
|
Work-related phone calls
|
|
64%
|
|
Personal phone calls
|
|
81%
|
|
Work-related SMS texting
|
|
48%
|
|
Personal SMS texting
|
|
74%
|
|
Work-related calendaring
|
|
57%
|
|
Personal calendaring
|
|
45%
|
|
Surfing the Web
|
|
68%
|
|
Online shopping
|
|
20%
|
|
Downloading apps
|
|
44%
|
|
Social networking (i.e. Twitter, Facebook, LinkedIn)
|
|
68%
|
|
Accessing a work-related network (i.e. intranet)
|
|
10%
|
|
Using work-related applications
|
|
13%
|
|
Viewing/modifying work-related documents
|
|
17%
|
|
I do not plan on using my smartphone
|
|
5%
|
|
5. During your time off work around the upcoming holiday season, what percentage of time spent on your smartphone do you anticipate you will doing work-related activities versus personal activities?
|
|
100% work-related, 0% personal
|
|
8%
|
|
75% work-related, 25% personal
|
|
17%
|
|
50% work-related, 50% personal
|
|
16%
|
|
25% work-related, 75% personal
|
|
50%
|
|
0% work-related, 100% personal
|
|
10%
|
|
Total
|
100%
|
|
6. Do you anticipate any of the work-related activities you expect to do on your smartphone while taking time off from work for the upcoming holiday season will involve sensitive or confidential information?
|
|
Yes
|
|
62%
|
|
No
|
|
38%
|
|
Total
|
100%
|
|
7. How likely are you to open an SMS text message on your smartphone from an unknown sender?
|
|
Very likely
|
|
29%
|
|
Somewhat likely
|
|
19%
|
|
Somewhat unlikely
|
|
20%
|
|
Very unlikely
|
|
32%
|
|
Total
|
100%
|
|
8. How likely are you to open an email message on your smartphone from an unknown sender?
|
|
Very likely
|
|
14%
|
|
Somewhat likely
|
|
25%
|
|
Somewhat unlikely
|
|
25%
|
|
Very unlikely
|
|
37%
|
|
Total
|
100%
|
|
9. When downloading apps for your smartphone, how closely do you pay attention to license agreements, including permissions requested by the app to access data and services - such as the GPS - on your phone?
|
|
I pay very close attention and read the license agreements carefully to determine what data and services I am giving the app permission to access on my smartphone.
|
|
18%
|
|
I scan the license agreements, but don't pay very close attention to them or what data and services I am giving the app permission to access on my smartphone.
|
|
33%
|
|
I accept the license agreements without reading them, assuming it is safe to give the app permission to access any data and services on my smartphone.
|
|
35%
|
|
I do not download apps on my smartphone.
|
|
14%
|
|
Total
|
100%
|
|
10. Most smartphones have a "lock" feature that prevents the accidental pressing of keys and also unauthorized access. Do you use the "lock" feature of your smartphone?
|
|
Yes
|
|
82%
|
|
No
|
|
18%
|
|
Total
|
100%
|
|
11. Have you configured your smartphone to require a password to "unlock" the device?
|
|
Yes
|
|
81%
|
|
No
|
|
19%
|
|
Total
|
100%
|
|
12. Please rank the following smartphone security issues based on your level of concern for each, with one being the most concerning and three the least concerning.
|
|
Top number is the count of respondents selecting the option. Bottom % is percent of the total respondents selecting the option.
|
1
|
2
|
3
|
|
Loss/Theft
|
68%
|
12%
|
21%
|
|
Malware
|
23%
|
56%
|
21%
|
|
SMS text phishing ("SMShing")
|
9%
|
32%
|
58%
|
|
13. If your smartphone were lost or stolen, on which of the following would you place greater value?
|
|
The device itself (hardware)
|
|
44%
|
|
The data stored on the device
|
|
56%
|
|
Total
|
100%
|
|
14. Did you know that there are mobile security software solutions available from vendors such as Symantec to protect your smartphone?
|
|
Yes
|
|
63%
|
|
No
|
|
37%
|
|
Total
|
100%
|
|
15. Do you use third-party mobile security software on your smartphone?
|
|
Yes
|
|
23%
|
|
No
|
|
77%
|
|
Total
|
100%
|
|
16. Which of the following characterizes your overall opinion of smartphone security software?
|
|
There is no need for smartphone security software, and there will not be a need in the foreseeable future.
|
|
3%
|
|
Smartphone security software is unnecessary at this point in time, but perhaps it will be more needed in the future.
|
|
19%
|
|
Smartphone security software is beneficial, but not essential.
|
|
50%
|
|
Smartphone security software is essential.
|
|
28%
|
|
Total
|
100%
|