Users and how they configure their devices can also threaten the security of enterprises. A user can compromise security, compounding risk when insecure apps are involved. For example, we find that 43 percent of mobile users do not use a passcode, PIN, or pattern lock on their device. If a user doesn’t enable one of these security features and someone steals or finds the device, they would have mostly unfettered access to the data on the device, including SMS messages, emails, geo-location data, and photos. Most security features on a mobile device, including encryption and remote wipe, is ultimately dependent on having set a user passcode.
Other configuration issues can impact device security, including encryption settings, the enablement of USB debugging, and apps installed from unknown sources. Altogether the configuration plays a key part in activating the security capabilities of the mobile OS.