Most Millennials believe that, as a member of a generation raised on technology, they are pretty savvy when it comes to online privacy and cybersecurity. However, a new report discovered this is far from the truth.
A recent survey by security firm Lookout of more than 1,000 smartphone owners found that over half of those who claimed to be knowledgeable about security didn’t read the privacy policies on applications before downloading them. Another 35 percent downloaded mobile apps from sources other than official marketplaces and one-third of survey respondents didn’t even protect their devices with a PIN or passcode.
Results of the survey reveal that the individuals claiming to be the biggest privacy experts are the most likely to do something risky with their mobile device, such as connecting to unsecured public Wi-Fi or visiting unfamiliar sites. While it may seem like these are harmless behaviors, they leave smartphones – and the sensitive personal information stored within them – vulnerable to malicious actors, according to Lookout mobile safety advocate Cherie Gatson.
“Mobile devices are small but mighty,” Gatson said. “[But] because these devices fit in our back pockets, we sometimes forget that they carry immense amounts of highly sensitive data. It’s important to understand that once any device has the ability to store confidential or personal data, there’s now an incentive for cyber criminals to target it.”
The report also found what appears to be an “it won’t happen to me” mentality among smartphone users. According to the study, 44 percent of mobile devices owners believed apps were mishandling or misusing their personal data but 56 percent of respondents still admitted to downloading apps without reading the permissions required. Perhaps most surprising is that one-third of participants said they would give an application more personal data if using it made their lives easier. Clearly, a great number of smartphone users have an inflated sense of security when it comes to mobile applications and Web surfing. And while this may seem like an individual issue, businesses must take note of the mobile practices of their employees as they can pose a threat to enterprise networks.
Keeping enterprise data safe despite careless users
It’s nearly impossible for a company to keep its workers from downloading their own applications, since IT departments can’t police devices 24/7. Stopping people from using their preferred programs can also cause a decrease in productivity and job satisfaction. Everyone has a specific way in which they like to complete their processes and forcing people to use apps and systems they don’t like or understand is counterintuitive. In order to protect sensitive enterprise information from malicious actors while still allowing employee flexibility, businesses need to take an inventory of applications being used in the workplace and find the programs that are the most common and add the most value to the company.
Once these programs have been vetted by the IT department, they should be added to a list of approved programs that have been deemed safe for corporate use. Any application that doesn’t appear on the list can be blocked for download on company devices. Application whitelisting, as this practice is known, allows enterprises to accommodate employee preferences while still ensuring the security of business critical networks and data.