Smartphone Security: Alarming Complacency Among Mobile Users
Most consumers are unaware of the security risks associated with their smartphones.
A few months ago, a friend of mine found a smartphone on the ground near his home. When he told me the story of finding it, he mentioned the phone was password-protected. This being me, I thought it was great and the phone's owner did the right thing. My friend, however, was disappointed he wasn't able to access anything. Turns out my friend was more interested in checking out the phone itself because he wanted to keep it. He also admitted that he would have looked at the photos and email messages that might be saved.
My friend is like the vast majority of Americans. Smartphones are a lot like bathroom cabinets in that if people have access, they will snoop. And for half of Americans, finding a lost smartphone is almost like a free upgrade.
At least, that's the result of an interesting test conducted by Symantec. The results were announced on "The Today Show." According to MSNBC:
Symantec researchers intentionally lost 50 smartphones in cities around the U.S. and in Canada. They were left on newspaper boxes, park benches, elevators and other places that passers-by would quickly spot them. But these weren't just any phones -- they were loaded with tracking and logging software so Symantec employees could physically track them and keep track of everything the finders did with the gadgets.
The phones made it easy to find contact information for the "owner." Symantec also created files filled with "personal" and "work-related" information. What it found was that the vast majority of people are nosy. From MSNBC:
Some 43 percent of finders clicked on an app labeled "online banking." And 53 percent clicked on a filed named "HR salaries." A file named "saved passwords" was opened by 57 percent of finders. Social networking tools and personal e-mail were checked by 60 percent. And a folder labeled "private photos" tempted 72 percent. Collectively, 89 percent of finders clicked on something they probably shouldn't have.
The Symantec test focused on consumers and the risks of identity theft. But as more employees use their personal devices for work purposes, a lost or stolen phone puts company data at risk, which could include intellectual property, corporate financial information or even personal data on other employees.
The Symantec experiment is a good reminder for companies to be prepared for the worst. That means making sure every device that is connected to the business network is password-protected and is loaded with software that will allow for a remote wipe. Make sure a procedure is in place to report lost or stolen devices as soon as they are missing. And finally, encourage employees to avoid keeping any sensitive data in files on the phone. If you do need to access important documents, consider keeping them in a password-protected cloud format.
And speaking of passwords: Don't save them in a file on the phone. That's just asking for trouble.