Whether the company allows employees to bring in personal devices or issues smartphones to users, those devices will likely contain sensitive corporate and personal information. And unfortunately, people may use those devices in ways that jeopardize the security of the data.
Here are the top five mobile security mistakes users make:
1. Downloading privacy-invading apps
The good news: A slight majority (57%) of people have avoided downloading a mobile app or deleted an app they’d installed because it collected too much personal information, according to a recent survey from the Pew Internet and American Life Project. Of course, that still leaves 43% of smartphone users that allow their apps to collect personal information and store it on a company’s servers.
2. Losing phones
In addition to data being leaked, there’s also a significant risk of a smartphone itself falling into the wrong hands, as 35% of U.S. adults have had a mobile device lost or stolen, according to Symantec’s recent Cybercrime Report. But despite those risks, two-thirds of people don’t use mobile security applications that could help them protect data when someone else has the device.
3. Failing to back up data
In addition, despite the chances of a phone being lost or stolen, just 18% of smartphone users in Pew’s survey frequently back up the data and contact information on their phones. Another 41% perform backups every now and then, while 39% never back up the data on their smartphones.
4. Letting others use the phone
Aside from losing a phone or having it stolen, people may also run into mobile security problems when they knowingly let someone else use the device. In fact, 12% of people have had another person access their smartphone in a way that made them feel their privacy was invaded, according to Pew’s survey.
5. Connecting to unsecure Wi-Fi networks
In order to save money on their data plans, many smartphone users will connect their devices to Wi-Fi networks whenever they can — and often that means connecting to unsecure free networks in public places. In fact, two-thirds of the respondents in Symantec’s survey say they use public Wi-Fi networks — even though 53% of those people are concerned about the security of those connections.
Promote and enforce mobile security
Whether the company issues smartphones to users or has a BYOD program, IT must help people avoid making those mobile security mistakes while using devices that contain sensitive corporate data. There are two basic ways IT should do that, which can be used in combination:
The first is by using mobile device management (MDM) software to enforce security policies and practices. For example, MDM tools can be used to set configurations, remotely wipe a lost or stolen device, and push software updates. When users bring their own devices, IT can require the MDM application to be installed before the device connects to the network.
The second approach: training users on mobile security. With more than half of users making app decisions based on information privacy, Pew’s survey shows that users do care about mobile security, at least when it comes to their own personal information.
IT can use that to its advantage and include tips about keeping personal data safe when using smartphones. Explaining the threats they face and what they can do about it will help keep mobile security at the top of users’ minds.