
The Honey Stick Project - Measuring risk decisions (ScottWright)

If you think you use mobile devices securely, consider this new Sophos data

Wednesday, December 28th 2011 @ 8:10 AM

New data from an innovative study by security software vendor Sophos shows an egregious lack of security awareness among the owners of USB drives that were lost.

How do they know?  They bought 50 devices at a Sydney, Australia rail company's auction of “lost and found” items. It was a great way to obtain a real sampling of what kind of security practices people apply to their USB drives. But what they found should make you stop and think about how you protect your own mobile devices.

Here’s a quick snapshot of the Sophos findings, and their lessons learned.

Malware is Everywhere

Two-thirds of the devices had malware on them that is known to infect Windows systems. Seven infected devices were clearly owned by Mac users, who would have been spreading this malware, even if their machines did not become infected themselves.

Lesson #1: Remember to scan any device that has been used in another computer (e.g. one from friends or coworkers, or even your own device if you lend it to somebody to copy a file for you). Even Mac users should now use anti-malware protection. You have to assume that every device around you is infected with hostile malware.

Nobody Protects Sensitive Data on Mobile Devices

None of the devices had any kind of safeguards applied to them, such as encryption, biometric or password protection. So, all of the data was easily accessible, and included documents related to personal taxes, activist meetings, university assignments, family photos, CVs and source code of software programs.

Lesson #2: Use encryption to protect any files you put on a USB device. You never know when or where it might be lost, and to what risks you might be exposing yourself.

Here’s a link to the original Sophos blog post with the description of their study.

http://nakedsecurity.sophos.com/2011/12/07/lost-usb-keys-have-66-percent-chance-of-malware

Conclusion

So, this kind of study shows how lax most of us still are with respect to protecting our mobile data and devices.

We are clearly not getting any better at managing the risks of mobile device usage. In upcoming columns I plan to discuss the risks around other types of mobile devices that we all use on a daily basis.

Unfortunately, I expect that 2012 will be a particularly bad year for mobile risks. With the explosion of powerful new phones and tablets, and very little in the form of inherent security features in operating systems like Android, we are all on our own when it comes to making sure we don’t get burned by the convenience of these new devices.

What do you think about the mobile security risks in the coming year?


Scott Wright

The Streetwise Security Coach

Join the Streetwise Security Zone at:
http://www.streetwise-security-zone.com/join.html

Phone: 1-613-693-0997
Email: scott@streetwise-security-zone.com
Twitter ID: http://www.twitter.com/streetsec


Copyright 2012. Security Perspectives Inc. All Rights Reserved.