Talk about risky business.
Mobile devices are wide open to data security threats, perhaps much more than consumers and companies might have thought.
Skycure, a Palo Alto-based mobile security defense firm, just issued its first ever Mobile Threat Intelligence Report. In it, the company reports that 41% of all mobile devices are at a "medium to high" data security risk level. Furthermore, the rate of high-risk devices is going in the wrong direction, as device security vulnerabilities grow "larger every month," Skycure reports.
Skycure says it measures the security of mobile devices using its own formula, called the Mobile Threat Risk Score, "which takes into account recent threats the device was exposed to, device vulnerabilities and configuration, and user behavior."
Both consumers and companies that issue mobile devices to employees and manager aren't doing a good job of securing those devices, either. The Skycure report states that over 52% of all devices don't have a passcode enabled, and 30% of devices were "running an out of date operating system." Android phones, the report states, are particularly open to data security attacks.
"Threats to mobile devices are real and based on what we're seeing in this report people aren't doing enough to protect themselves," notes Adi Sharabani, CEO of Skycure. "That's why we're bringing invisible mobile threats to the surface, so that enterprises can fight the bad guys on a level playing field."
For consumers, securing their mobile phone data is an ever constant, uphill battle. "Your mobile phone is constantly at risk," says Michael Sorrentino, a veteran television producer and founder of the EyePatch Case, which helps consumers better protect their cell phones. "Whether you want to accept the fact that sophisticated software is becoming more accessible or not, anyone can access almost anything on your phone by guessing your simple password," he says.
Sorrentino recommends using a more complex phone or tablet password, rather than the default 4-digit code. "Also, enable 'Find my Phone' or similar apps which are available on all major platforms, thus allowing you to wipe your device clean, or locate it when lost," he adds. "Then enable two-step verification on your email and social media accounts. You'll get a text or email notification when someone tries to access it from another device."
Joe Siegrist, CEO and co-founder of LastPass, a Washington, D.C.-based password security firm, advises consumers to lock their device screen. "It's a simple step, but locking your screen is very important in protecting your phone from someone that gets physical access to it," he says. "Most phones let you set up at least a 4-digit PIN or a Pattern. Many let you set a full passcode, which is more secure. Once you set up the screen lock, you'll be prompted for the PIN or code after a designated period of time."
"After you set the screen lock on your device, set a timer so that you're prompted to enter the PIN or passcode after a period of inactivity, preferably a short one," Siegrist adds. "Above all else, use strong passwords. Protecting the information that you send and receive on your phone is just as important as preventing physical access to it. That's why a strong, different password should be used for every single web service, app, and account you sign up for."
Of course, the best defense against losing any personal financial data on your phone or tablet is to not put any personal data on the device at all. "Storing your personal sensitive data or on your phone is an egregious sin," says Scott Greene, a computer forensics expert at Evidence Solutions, Inc., a forensic security company. "Phones disappear. Phones can be hacked or merely accessed by a casual user. Storing personally identifiable information (PII) on a mobile device merely increases the risk of the data being stolen."