Full Report
ESET study reveals many IT professionals are guilty of storing indecent material on their mobile phones, which would leave them embarrassed if lost.
Analysis Summary
# Main Topic
Survey findings from ESET indicating a significant percentage of IT professionals store potentially compromising or indecent material on their mobile devices, posing a personal and professional embarrassment risk if the device is lost or compromised.
## Key Points
- **39% of UK IT professionals** surveyed confessed that losing their mobile phone could expose personal photos, selfies, or information that would cause embarrassment.
- **46% of respondents** admitted that the loss and subsequent hacking of a phone containing work information could compromise their company.
- A worrying **15%** were not confident that photos taken on their phone were not being streamed to other family members.
- **22%** of respondents, despite storing compromising data, do not have a remote wipe facility enabled on their device.
## Threat Actors
- The report primarily focuses on the **risk presented by loss/theft** leading to exposure, rather than specific named threat actors or organized crime groups.
- The implied threat actor is a **cybercriminal or opportunistic individual** who gains access to a lost or stolen device.
## TTPs
- **Data Storage:** Storing sensitive or compromising personal data (photos, selfies, etc.) directly on the mobile endpoint.
- **Device Loss/Theft:** The primary vector for initial exposure.
- **Data Access:** The potential for unauthorized access to device contents following loss (if the device is not remotely wiped or securely locked).
## Affected Systems
- Mobile phones (specific operating systems or models were not detailed, but the focus is on personal devices used by IT staff).
- The affected population includes **500 IT professionals** surveyed at IPEXPO in October 2014.
## Mitigations
- **Data Management:** Delete unnecessary photos and download needed content frequently to a secure computer.
- **Security Controls:** Use a strong password on the phone at all times.
- **Backup & Recovery:** Perform frequent backups and verify they are functional.
- **Remote Security:** Strongly advise deploying security solutions that offer **remote lock and remote wipe** capability for immediate data protection upon loss.
- **Email Management:** Restrict the duration emails are stored on the mobile device.
## Conclusion
The study highlights a significant cultural risk within the IT professional community regarding data hygiene on mobile devices. The potential for personal and professional compromise due to lost endpoints is high, especially given that nearly a quarter of respondents lack a remote wipe feature. Immediate prioritization of endpoint security controls, specifically remote wiping capabilities, is necessary to mitigate the high risk associated with on-device storage of sensitive content.