Password-Free Phones Pose ID Theft Threat


Take your company's most sensitive documents, shove them in a plastic grocery bag and walk outside in a rainstorm. This will make you as effective at corporate secrecy as one-third of IT workers, when it comes to safeguarding their phones.

According to a survey of 227 IT professionals, a majority of whom are employed by large companies, a devil-may-care 35% don't use passwords on their business phones. This wouldn't merit a mention if the survey, conducted by London-based security firm Credant Technologies, hadn't also found that 80% of its respondents kept clients' contact information on their phones.

Coupled with the 23% who keep work e-mail and 12% who keep calendars on their smart phones, IT workers have become walking file closets - and companies want the keys back.

"The idea of taking a notebook computer on the road without protecting the device or certain files is a regrettable concept, but workers just don't feel that the information that's available on their phone is that sensitive," says Charles King, principal analyst for Hayward, Calif.-based research firm Pund-IT. "They haven't quite gotten it through their heads that the phones are gateways to very valuable information that should be secured."

In the case of former Telstra Chief Executive Sol Trujillo, who lost his HTC Touch at the GSMA Mobile World Conference in February, his company resolved the situation by deleting the contents of his phone remotely using a security program.

While Microsoft's Windows Mobile (which Trujillo's phone used), Apple's iPhone 3.0, Symbian, Research In Motion's BlackBerry and Google's Android operating systems can lock and delete files remotely, the maker of once such application say it's no excuse for password passivity.

"You need security in many different layers and, on a mobile device, the password is the first layer," says Patrik Runald, chief security adviser for F-Secure, which has developed anti-theft features for Windows Mobile devices. "From the point where you realize 'oh no, I lost my phone' to the time when your IT folks can block and wipe it or you can do it yourself could be hours, and at that point it could be too late."

In fairness to IT folks, it's not as if the general population takes much interest in securing its own information. Credant found earlier this year that 40% of all users pass on passwords for sensitive information on their phones, such as bank and credit card accounts. Among IT professionals, only 12% and 5% keep bank and credit card information on their phones, respectively.

"If the users aren't willing to secure themselves and more than a third of IT users don't use password protection, it may be time to push security management further up the stack and make it an inherent part of managing the phone," King says.

—For the best rates on loans, bank accounts and credit cards, enter your ZIP code at

Show Comments

Back to Top