Is this true for you: has your smartphone merged your private and work lives? Smartphones now contain, by accident or by design, a wealth of information about the businesses we work for.
If your phone is stolen, the chance of getting it back approaches zero. What if it is lost in an elevator or the back seat of a taxi? Will it be returned? More importantly, from our point of view, what about the info on it – the corporate info?
Earlier this year, the Symantec HoneyStick project conducted an experiment by “losing” 50 smartphones in five different cities: New York City; Washington D.C.; Los Angeles; San Francisco; and Ottawa, Canada. Each phone carried a collection of simulated corporate and personal data, along with the capability to remotely monitor what happened to it once it was found. The phones were left in high-traffic public places such as elevators, malls, food courts, and public transit stops.
- 96% of lost smartphones were accessed by the finders of the devices
- 89% of devices were accessed for personal related apps and information
- 83% of devices were accessed for corporate related apps and information
- 70% of devices were accessed for both business and personal related apps and information
- 50% of smartphone finders contacted the owner and provided contact information
The corporate related apps included remote access as well as email accounts. What is the lesson for corporate IT staff?
- Take inventory of the mobile devices connecting to your company’s networks; you can’t protect and manage what you don’t know about.
- Track resource access by mobile devices. For example, if you are using MS Exchange, the ActiveSync logs can tell you a great deal about such access.
- See our white paper on the subject
- Track all remote logins to critical servers.
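
The inventory and ActiveSync points above can be combined. The following Python example is added here and is not from the original post: it reads IIS W3C log text from an Exchange server, summarizes ActiveSync requests per device, and lists devices missing from an inventory. It assumes requests are logged with `User`, `DeviceId` and `DeviceType` in the plain query string; the sample log lines and `KNOWN_DEVICES` are constructed.

```python
from urllib.parse import parse_qs

EAS_STEM = "/microsoft-server-activesync"

# Constructed sample lines in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2012-05-01 08:02:11 POST /Microsoft-Server-ActiveSync/default.eas Cmd=Sync&User=alice&DeviceId=APPL0001&DeviceType=iPhone 10.0.0.5 200
2012-05-01 08:05:40 GET /owa/ - 10.0.0.9 200
2012-05-01 09:14:03 POST /Microsoft-Server-ActiveSync/default.eas Cmd=Ping&User=alice&DeviceId=APPL0001&DeviceType=iPhone 198.51.100.7 200
2012-05-02 23:41:56 POST /Microsoft-Server-ActiveSync/default.eas Cmd=Sync&User=bob&DeviceId=ANDR0042&DeviceType=Android 203.0.113.20 200
"""

# Hypothetical inventory of DeviceIds that IT has approved.
KNOWN_DEVICES = {"APPL0001"}

def activesync_devices(log_text):
    """Return {DeviceId: summary} for every ActiveSync request in the log."""
    fields, devices = [], {}
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order is configurable in IIS
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if not row.get("cs-uri-stem", "").lower().startswith(EAS_STEM):
            continue  # not an ActiveSync request
        query = parse_qs(row.get("cs-uri-query", ""))
        q = {k.lower(): v[0] for k, v in query.items()}
        dev_id = q.get("deviceid")
        if not dev_id:
            continue  # no plain DeviceId parameter; skipped in this example
        when = f'{row.get("date")} {row.get("time")}'
        d = devices.setdefault(dev_id, {
            "user": q.get("user"), "type": q.get("devicetype"),
            "first_seen": when, "ips": set(), "requests": 0})
        d["last_seen"] = when
        d["ips"].add(row.get("c-ip"))
        d["requests"] += 1
    return devices

def unknown_devices(devices, known):
    """DeviceIds seen in the logs that are missing from the inventory."""
    return sorted(set(devices) - set(known))

if __name__ == "__main__":
    seen = activesync_devices(SAMPLE_LOG)
    for dev_id in unknown_devices(seen, KNOWN_DEVICES):
        print("not in inventory:", dev_id, seen[dev_id])
```

The per-device `ips` and `last_seen` values are also what you would review after a phone is reported lost, to see whether it kept syncing and from where.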
See our webinar, ‘Using Logs to Deal With the Realities of Mobile Device Security and BYOD.’