The potential compromise of credit card data of 40 million Target customers is a reminder that the online world remains a dangerous and evil place. It is, sadly, just the way things are.
Much of the attention paid to security focuses on devices that people have and use. That makes perfect sense. But a bit more attention should be paid to devices that are on their way out the door.
The emergence of bring your own device (BYOD), where the end of life procedures for the phone may not be in the enterprise’s hands, complicates things. Dark Reading’s Kelly Jackson Higgins suggests that the time around New Year’s is particularly important: Many employees get new phones as gifts and the old ones, which possibly contain corporate information, may end up for sale or in the hands of kids and other relatives.
An important step in ending the life of your phone is migrating data. Brian Bennett at CNET offers some advice on how to safely get rid of a smartphone. He begins by suggesting that moving data, including contacts and calendars, to another device is easy, even if two operating system platforms are involved. Bennett offers ideas on migrating media and points out that moving from one phone to another on the same GSM network only requires a switch of SIM cards.
Once all the data is safely shifted, Bennett writes that a factory reset can be done. Starting a dummy account with the carrier and doing a second reset is a good precaution, he says. The SD card should be physically removed.
Help-Net Security writes that the Data Security and Breach Notification Act of 2013 will put the issue of discarding phones and other devices front and center for many organizations. The piece makes several high-level suggestions. Companies should think “prevention, not reaction,” and take every effort to protect electronic data and create a “culture of security.” The story says that procedures and policies specifically aimed at mobile workers should be put in place.
Finally, security of another sort must be mentioned. ReadWrite’s Adriana Lee warns of the dangers of selling devices to strangers. People are apt to sell devices and deliver them in face-to-face meetings as a way of avoiding scam artists. Lee writes that this should be done at well-trafficked venues and during the day so it is easier to see if the person is following you afterward. The seller should bring a companion, have a couple of conversations before the meeting to ensure that the person sounds on the level and, finally, verify the buyer’s identity.
Since mobile devices are sold and discarded in large numbers, it behooves organizations and their employees to put a plan in place to ensure that they are stripped of their valuable information.