As People continue to accumulate numerous passwords for their online social networking sites, personal e-mail and online banking, most People seem to have no problem logging in with different passwords for different applications to protect THEIR PERSONAL information.
So we know People can handle passwords!
The key then for Managers (including IT Managers) is to help People (boards, employees, vendors, contractors, partners, etc.) understand the importance of THEIR ORGANIZATION’s information.
However, a recent survey by Credant Technologies revealed that 35% of IT Security professionals do not use a password on their business phones or smartphones, even though these devices contain sensitive and confidential information! That information may include business names and addresses, business and personal e-mails, bank account details, credit card information, photos, and even passwords and PINs. If a mobile device goes missing and it contains corporate or personal data within business e-mails, then an organization is immediately in breach of one or more data protection acts for failing to protect electronic data and exposing clients and personnel to identity theft.
If 35% of IT Security professionals are not implementing best practices and protecting this information, why are we surprised that non-security professionals are not following policies and procedures?
This survey is yet another example showing how the lack of implementation can lead to embarrassing, expensive and unnecessary data breaches, non-compliance related fines and lawsuits.
Most likely, your organization has a policy stating password requirements for securing mobile devices, but has this policy been implemented at the individual level?
Can you ensure that all of your employees have read and understood these requirements and have implemented the appropriate passwords and encryption on their mobile devices?
How do you make your employees accountable for implementing their responsibilities and obligations?