Experiment Reveals Smart Phone Risks'Lost' Phones Illustrate the Vulnerabilities
The result? Only half of those who found one of the phones made any attempt to return it. And information on 96 percent of the lost phones was accessed by their finders. Here are the details:
- Sixty percent of the finders attempted to view social media information and e-mail on the devices.
- Eighty percent tried to access corporate information, including files clearly marked as "HR Salaries and "HR Cases."
- Half tried to run an application labeled as "Remote Admin," simulating access to a remote computer or network.
In a blog on the mobile device experiment, Kevin Haley of Symantec notes: "The point of all this is not to say that people are bad. It's that people are naturally curious, and when temptation is put in front of them, they tend to bite the apple."
The point of all this is not to say that people are bad. It's that people are naturally curious, and when temptation is put in front of them, they tend to bite the apple.
So what are the lesson learned here? Haley says that if these phones had been password-protected, casual finders would not have trolled through the data. Also, the experiment highlights the value of programs that remotely wipe data as well as applications that help locate devices when they're lost or stolen.
Surely, implementing passwords, remote wipe capability and device-finder software are simple steps that every organization should take, whether their staff members are using corporate-owned or personally-owned devices for work-related purposes. After all, phones are very easy to lose and are commonly stolen.
But the folks at Symantec suggest further steps, including password-enabled screen locks; focusing on protecting data, as well as devices; educating employees about addressing the risks involved in using smart phones; and implementing a mobile device management application to help with administering controls and monitoring devices.
At a time when government agencies, such as the Department of Veterans Affairs, as well as financial institutions, hospitals and others are gradually shifting from desktop to mobile devices, it's important to take sufficient steps to ensure the information on those devices - including links to corporate networks - remains secure. Another important step is to minimize the amount of data actually stored on the devices.
Otherwise, one lost phone could ring up plenty of headaches.