IT security professionals just as prone to 'password fatigue'
IT security professionals have confessed that they are suffering from 'password fatigue' when it comes to using their mobile devices, leaving their confedential data exposed to personal and corporate identity theft should the devices fall into crooked hands.
The admission comes in a survey by endpoint data protection firm Credant Technologies, which conducted a survey among 227 IT professionals with the majority drawn from companies that employ more than 1000 people. Its findings also highlight the fact that staff who neglect to protect corporate data are putting their employers in breach of the Data Protection Act.
Thirty-five per cent of the survey sample revealed that they 'just don’t get around to using a password' on their business mobile phones and smartphones, even though they acknowledge that they should as they contain sensitive and confidential information. Indeed, the survey suggests that IT professionals are only marginally better at using passwords than the general population, as a survey conducted earlier this year (2009) by Credant found that 40 per cent of all users 'don’t bother with passwords' on their mobile phones.
The varieties of information that IT professionals are storing on their mobile devices, many of which are unprotected with a password, include:
- Business names and addresses (80 per cent).
- Personal names and addresses (66 per cent).
- Business emails (23 per cent).
- Personal emails (16 per cent).
- Bank account details (12 per cent).
- Business diary with details of all their appointments and meetings (12 per cent).
- Personal diary (7 per cent).
- Credit card information (5 per cent).
- Photos (4 per cent).
- Passwords and PIN numbers (1 per cent).
“It is alarming to note that the very people who are responsible for IT security are not much better at protecting the information on their business phones than most of their co-workers - who don’t necessarily know any better," says Credant senior VP of operations and co-founder Andrew Kahl. “If a mobile or smartphone goes missing, isn’t protected with a password, and contains business names and addresses and other corporate data such as business emails, then the company is immediately in breach of the Data Protection Act by failing to meet some of its principals on electronic data.”
According to the IT professionals surveyed, the worst culprits at addressing mobile security within their companies are typically the sales teams, followed by the board of directors, and senior management. Human resources personnel come out as the best at keeping their mobiles aligned to the corporate mobile security policy.