Mobile devices contain some of our most personal information. And yet a shocking number of people fail to take basic steps to secure their smartphones, according to a recent report from Pew Research Center revealing that more than a quarter of Americans—28 percent—don’t use a lock screen or other security feature when accessing their smartphones.
Here’s a closer look at other noteworthy findings from Pew on the topic of cybersecurity, along with why these behaviors represent a significant threat to the safety and security of all organizations.
Falling Short of Best Practices
According to Pew’s findings, 64 percent of Americans have personally experienced a major data breach; 41 percent have encountered fraudulent charges on their credit cards; 35 percent have been notified that sensitive information had been compromised; 16 percent and 13 percent said that their email accounts and social media accounts, respectively, had been taken over by someone else; 15 percent had been notified that their Social Security numbers had been compromised; 14 percent said someone had attempted to take out a line or credit or loan in their name; and 6 percent said someone had impersonated them to file a fraudulent tax return.
While these figures are eye-opening on their own, what makes them truly alarming is that despite these serious issues, many Americans still fail to follow best practices for cybersecurity in their daily lives. Cybersecurity experts recommend that consumers take several steps to safeguard their devices—and the data they contain—from security breaches. However, from failing to use password protection strategies to not installing updates to their phones’ smartphone apps or operating systems, many Americans are woefully careless about their digital presence.
Factor in that more than half of online adults (54 percent) admit to using potentially insecure public Wi-Fi networks—and one-fifth of those performing online banking, e-commerce, and other sensitive activities on these networks—and the cybersecurity threat heightens.
Not a “Top-of-Mind” Concern
The conclusion, according to Pew? Despite these troubling statistics, “cybersecurity is not a top-of-mind worry for most Americans.” In fact, more than twice as many online adults don’t worry about personal password security than those who do (69 percent versus 30 percent), and even Americans who have personally been victimized by a major data breach are just as unlikely as others to take additional steps to secure their devices.
But what about when these devices contain information that’s not just sensitive to them personally, but also to their employers, who have much more to lose? This question is becoming increasingly critical in the era of the mobile workforce and BYOD.
Says Symantec, “Safety measures can only work when they’re implemented. Unfortunately, studies of human behavior show us people don’t always what’s best for them. Behaviors like leaving devices unlocked, downloading apps, browsing invalidated sites and opening unknown email attachments puts users’ personal data at risk. If those same users use those same devices in workplace BYOD programs, that risk grows exponentially.”
The takeaway is clear for cyber safety-minded organizations: While you may not be able to rely on your employees to adhere to best practices if left to their own devices (excuse the pun), there are some things you can—in fact, must—do to protect your organization and its confidential data. In addition to implementing stronger user authentication strategies and other organizational best practices for mobile workforce management, improving your employees’ “security IQ” is also essential.
According to mobile device expert security Tamara Law, it all comes down to simplicity. She told Symantec, “The easier you make things, the stronger your security will be. It’s about making sure your people, processes, and technology are all working together. Educate your people, make sure you have the right processes to ensure the right people get to the right information – and that you can take action if a mobile device is lost or stolen.”
Which begs the questions:
- Does your organization have best practices in place to minimize risk? Are you communicating them regularly?
- Are your employees communicating and sharing confidential documents in a way that is encrypted, secure?
- Does your organization have the ability to control employees’ phone security practices?
If the answer to any of these is “no”, your organization’s security, and future success, can be easily compromised.