A ticking time-bomb: the rise of personal data storage on mobile devices

There’s been a tremendous growth in the use of mobile in the last 20 years; and not just for making calls, mobile is now the predominant platform for email, instant messaging and data storage. And there are more mobile Internet users – 3.5 billion globally – than desktop Internet users. It’s clear the ability to communicate continuously and effectively is now vital for both everyday life and business productivity.

However, security remains one of the biggest challenges with mobility. Earlier this year, Checkpoint reported that 20 per cent of companies’ mobile devices had been breached – while nearly 1 million personal Android phones had been hacked. In the midst of a rapidly expanding cyber threat landscape, individuals and organisations are still struggling to best adapt to this new way of living and working.

Despite the forthcoming General Data Protection Regulation (GDPR), personal data storage is still an issue in the UK. British mobile users still are keeping large amounts of sensitive information on unsecured mobile devices, while new research has warned that only 12 per cent of UK citizens are fully aware of what GDPR means.

At the start of the year, Robert Siciliano, CEO of IDTheftSecurity warned Forbes “Our mobile devices are small digital assistants that carry as much—if not more—very personal information as our desktop or laptop. A lost, stolen or hacked phone provides an efficient way for a thief to steal your identity or drain your bank account.”

More recently, IT Pro Portal shared a report from Security firm Bitdefender, showing that almost half of users store their sensitive personal and private information on smartphones that are often neither updated or protected.

The findings also revealed that four out of ten UK smartphone users have no security solution installed on their devices and don’t update their firmware regularly – leaving them open to exploits that could expose their personal data. However, despite not securing their smartphones properly, 49 per cent of users were afraid that their mobile devices could be used to steal their identities.

While research released this month by business-critical software company, Civica found that many UK citizens are unaware as to the true use of their data. A staggering 30 per cent believe they always own their data even if they give it away and only half know that they can request the data that a company holds on them at any time. Yet, amazingly, 65 per cent believe their personal information is being shared without their knowledge.

Worryingly for the enterprise, smartphones and phablets are the most popular personally owned devices used for work, with 39 percent of employees using them, according to Gartner. And herein lies the risk to not just individuals’ personal data but sensitive organisational data as well.

Here are just a few things to consider, for protecting mobile devices:

• Enforce a solid IT policy: Ensure that your IT policy enforces password use, periodical password changes, and device wipe upon a fixed number of incorrect password attempts. 
• Update, update, update: Apps and operating systems should be continuously kept up-to-date.
• Mobile Device Management: By implementing a cloud-based MDM solution, policy enforcement is vastly improved along with centralised device governance.
• Evaluate your security options: And, finally, businesses should consider implementing a cyber security solution on mobile devices; to secure any data, monitor app data leaks and prevent access to specific applications, websites and more.

It’s clear the threat landscape is still one of the largest business challenges; firms need to ensure all aspects of mobile management are protected, whether the devices belong to the company or are brought in from home.

For more advice on mobile security management, get in touch – and take a look at our blog on a mobile strategy for the enterprise.