Lost devices access work email, says Sophos

A fifth of lost electronic devices have access to work email, exposing confidential corporate data, a survey from Sophos has revealed

A fifth of lost electronic devices have access to work email, exposing confidential corporate information, a Sophos survey has revealed.

Some 42% of lost devices do not have any basic security measures in place, according to a survey commissioned by security firm Sophos that polled more than 1,000 UK consumers.

The worry for businesses is that the lack of security awareness will inevitably seep into the corporate environment, said James Lyne, director of technology strategy at Sophos.

“Access to corporate email on lost devices opens up a potential security hole in the infrastructure. The lack of precaution and awareness risks putting businesses in the firing line when it comes to complying with data privacy legislation and protecting sensitive information,” Lyne said.

A fifth of respondents admitted their mobile devices contained sensitive personal information such as national insurance numbers, addresses and dates of birth.

More than 10% have payment information such as credit card numbers and PINs, while 35% of the lost devices have access to social networking accounts via apps or web browser-stored cookies.

The survey found the age of the respondent correlated to the likelihood of a device being lost and the security measures deployed. 

Younger users, aged between 16 and 24, are over four times more likely to lose an electronic device compared with adults aged between 55 and 64. 

But the older generation are less likely to have any security measures in place on lost devices, with 59% having no security precautions, compared with 45% of 16 to 24 year olds.

"That the younger generation is more likely to have enabled security is a promising sign that people are beginning to realise the need to protect data held on electronic devices,” said Lyne.

But the number of those with protection is still too low.  

“As we begin to rely on and invest more in our electronic devices, there needs to be a shift across the board in the attitude and education surrounding mobile, laptop and tablet security," said Lyne.

More than half of those surveyed were never able to recover the lost device. Although one fifth got the device back in 24 hours, the return rate dropped significantly after this time.

"It’s vital we educate the general population about how to protect themselves when using new technology and how to apply best practices across all electronic devices to create a more secure environment,” said Lyne.

Businesses too should ensure their traditional IT security educational policies extend to laptops and mobile devices, otherwise they are spending significant amounts of time and money securing data in one part of their infrastructure only to allow the same information to walk out of their building on an unsecured employee device, he said.

Mobile manufacturers should also be challenged to make these devices more secure, Lyne added.


Read more on Endpoint security