The thought of losing our mobile phone fills many of us with dread and fear. After all, we run our entire lives from these pocket devices. Gone are the days of using our mobile phones exclusively for making calls, sending text messages and light internet surfing. Now we keep all our personal information on them including text messages, contacts, emails, photographs and videos, birthdays, identification data and so much more. To find that you’ve forever lost a sentimental text message from your husband or an old photograph of your grandmother would be devastating enough – but what if your mobile phone held valuable information belonging to the company you work for?
With many employees now carrying a work-only mobile phone and others holding business information on their personal phones, their devices could hold anything, including usernames, passwords, financial information and highly confidential data. So now the devastation doesn’t just affect the individual, but the entire business.
The Bring Your Own Device (or BYOD) policy allows employees to bring personally owned mobile devices (laptops, tablets and smartphones) to their workplace and use those devices to access company information. This phenomenon has taken the world by storm, but using private smartphones alongside professional handsets brings even more danger, especially as the refresh cycle for consumer handsets is more rapid than that for work devices, and precautions must be taken at all stages.
As current developments indicate, our mobile phones could soon be used to control everything we do – from giving us access to our home, car, medical and financial records, to being a communications hub, for email accounts, internet and managing social media profiles. The potential for the business world is enormous, but with that comes enormous risk.
Security breaches are commonplace these days, and employees must do all they can to ensure they are not making such an incident easy, as many overlook how much risk their mobile phone carries.
There are two main scenarios in which specific precautions need to be taken.
One sees the mobile phone being sent to a laboratory or workshop for critical repairs. Once the phone is out of its owner’s hands, it is difficult to protect the data it contains. The other is when a phone is traded in for a newer model while the old phone – and all its content – is left with the store or recycler. In fact, research has found that between 54 and 60 per cent of discarded or traded-in used mobile phones still contain the personal data of their previous owners.
One oversight can put a whole business at risk, and with all this highly sensitive information at stake, employers and employees alike should be advocating the need to protect themselves and company information. Many may be reassured by the fact that resetting the phone would dispose of some information, but in fact, unless expert equipment is used, no deletion is permanent. While mobile phone security during usage is important, it is imperative to see security right through to the end. Information will remain on the phone, even if you’re no longer using it, unless it is correctly wiped.
Amir Lehr, VP Cellular Products and Business Development, Cellebrite
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.