Believe it or not, it’s been more than two decades since the first smartphone was introduced in 1993. Though the Simon Personal Communicator from BellSouth and IBM was a far cry from what we now think of as a smartphone, its ability to send and receive faxes, emails and cellular pages, along with running useful applications, was unprecedented for the time. Since then, technology has evolved remarkably; user security measures, meanwhile, haven’t.
Recently, password management company SplashData released its annual round-up of the worst passwords of 2015, showcasing that many people continue using passwords from the dark ages. The top five most used passwords included:
- 123456 (unchanged)
- password (unchanged)
- 12345678 (up 1)
- qwerty (up 1)
- 12345 (down 2)
It seems as though many individuals find it a pain to manage unique, long (and therefore strong) passwords, despite the growth in password managers like KeePass, LastPass, Dashlane and SplashID. And not surprisingly, the trend of lazy passwords and loose security extends to mobile devices and apps as well as desktops and laptops.
According to Duo Analytics, of employees who access company data with personal devices, one in three with an Android device doesn’t have a lock screen passcode. Additionally, one in 20 Apple devices is left unprotected because its user has not configured a lock screen PIN. Despite the value of the passcode as a key element for encrypting data, many users prefer convenience over security.
The state of Android devices is even more troubling because of OS fragmentation: 32 percent of handsets were shown to be running Android 4.0 or below, leaving these devices subject to the Stagefright vulnerability. Because Android updates don’t deploy automatically, it can take weeks or months for devices to receive them. If your organization allows employees to access sensitive data (particularly on BYOD assets), that could spell trouble.
That’s where mobile device usage policies (MDUP) and enterprise mobility management (EMM) come into play. With such a solution in place, organizations can require employees to implement smartphone security basics on devices up front. They can also detect when users are missing supported security updates and create a plan for keeping everyone up to date. These EMM platforms take security one step further by requiring multi-factor authentication during device enrollment and before granting access to corporate applications and content. It’s just one more line of defense against prying eyes and malicious hackers who could turn a lost or stolen smartphone into your company’s worst nightmare.
