Password and Mobility Security: Something Needs to Be Done
by Stephen Comeau
It's truly amazing how many people these days take the simple password for granted.
Throughout my IT career, I have seen it time and time again in ways and in places one would hardly believe. Weak passwords, no passwords, shared passwords, the list goes on.
It actually shocks me how many people take such a simple - yet important - thing like this for granted.
It seems I've been telling people about this repeatedly. I can preach to them until I am blue in the face. Yet, few seem to listen. That is, until Doomsday comes; then all of a sudden, everyone begins to show up at my doorstep, crying "How could this happen to me!" Gee, I wonder...
The problem seems to be progressively worse with mobile devices, like smartphones.
It is almost terrifying to note how few people out there actually bother to activate any substantive security at all on their phones, let alone a simple password to lock the screen. In fact, most users complain about how inconvenient it is to have to implement even basic security measures. Yet, how could the use of a simple four-digit pin come off as appearing to be more of a nuisance than the immeasurably greater risk and worry associated with refusing to add one. Not realizing how dangerous it is to do without a minimal amount of mobile security protection, too many people proceed in an insecure and mindless way with their technology.
In this era of out-and-out cyber-warfare, gone is the time when one can leave the door to one's data unlocked.
You wouldn't leave your car or house unprotected; so please explain to me why someone would leave a device that potentially contains, not only a slew of valuable information, i.e., just about everything that could possible identify you, but a lot about family and friends, unprotected. Totally unprotected! It just boggles the mind.
Yet, on average more than 34 percent of our national mobile users left their phones completely unprotected in 2014 (according to a nationwide Consumer Reports survey). The scariest part of it is that the number actually jumped from 2013 by five percent. This figure is indeed worrisome, especially when you consider the estimated 328 million mobile devices currently in use in the United States today.
In the news, you glimpse repeated stories about bizarre cyber-attacks taking place all over the world. And you hear over and over again about how important it is to protect your data; still, so many prospective victims just don't seem to take the message seriously. This leads me to believe that we as IT security professionals aren't making that message clear enough, maybe not communicating it in quite the right terms. We have to find a better way to stress the main points to the public, else the biggest cyber Doomsday of all might yet occur.
This brings me to what frustrates me the most: people who are supposed to know better, yet who don't have any security active on their own mobile devices. (Yes, you know who you are!) Let me just say to them in passing, it is one thing to be totally ignorant of an issue. It just plain stupid to be completely aware of that issue, and of the consequences of a total lack of basic security, and then proceed to do nothing about it.
This is why I'd like to take a minute to emphasize this second, crucial point, the point about the need for mobile security.
From an even larger perspective, and moving forward in our discussion, there is a lot more involved in mobile security than just implementing a rudimentary level of password protection. Critical measures include encrypting your mobile device, virus and firewall protection, implementing monitoring software, and employing mobile tracking and remote wiping software.
These are free and simple methods to employ, steps that give your mobile device a better security profile. Still, only 22 percent of people in the United States bother to install any type of location software to guard against the possibility of their mobile devices being stolen. This 22 percent is the best it gets in terms of statistics for mobile device security. From here, the numbers (according to the nationwide Consumer Reports survey) just continue to spiral downwards, through even weaker levels of implementation for mobile devices.
Whether it is attributable to a lack of user knowledge, or to just plain laziness, something desperately needs to be done to turn this situation around. Our mobile devices contain way too much sensitive information to be left sitting unprotected, open to the whole wide world.
In conclusion, I leave you with this far more hopeful vision: Just imagine for a minute how much safer everyone would be if even the bare essentials of mobile security were implemented on everyone's mobile device.
How many fewer Doomsdays do you think we would later see?