The business world has become hyper-dependent on smartphones to store important, sensitive and even proprietary information not only about our companies but also about others and their companies.
But our smartphones are easily lost and frequently targeted by thieves.
The danger of having our most important information lost or stolen is now so great that it’s like walking around with hundreds of pieces of note paper stuffed into our hands and bulging out of our pockets – on a windy day.
The risk of losing important, irreplaceable, or proprietary data – some of which may actually belong to our clients or customers – is enormously high. In fact, one in 10 U.S. smartphone users have had their devices stolen, according to a recent study by Lookout, a mobile security firm. Perhaps more startling, one in every three robberies in the U.S. involves the theft of a mobile device, according to the Federal Communications Commission.
Then there’s the matter of smartphones that are simply lost, accidently destroyed, stepped on, dropped into water, or left lying in the parking lot after someone drives off having forgotten they left their phone on the roof as they climbed in.
In any case, companies run a huge risk because of the data stored on such devices.
What’s a Company to Do About Risks Posed by Mobile Devices?
What can they do about it? For starters, all companies these days need to have a clear, reasonable and enforceable cellphone use policy. Some companies or corporate departments dealing with extremely sensitive information – say, defense contractors, R&D departments, or banks – might be wise to implement a ban on cellphones being present in certain areas of the facility, or, at a minimum, forbid employees from recording any work data in their phones.
Other companies should consider issuing employees phones capable of handling work-related tasks but which can’t be used for personal purposes. Tough data security software then could be installed on such phones that would make it very difficult for unauthorized users to access stored data and applications.
Companies that allow employees to use their own cell phones – and thanks to the explosion of the BYOD (Bring Your Own Device) trend in the last couple of years that’s now close to half of all corporate employees – need to take two key security steps:
- Ensure Workers Use Passwords: They need to make sure employees use password-protected apps on their phones to access key company information. That way, thieves will have a hard time actually tapping into valuable information once they pilfer the phone.
- Have and Enforce a Policy: They need to make sure their employees know their responsibilities for protecting company data under the company’s cellphone use policy, and that employees are certain that the company WILL enforce tough consequences for their failure to protect company data. Such consequences could include termination in extreme cases of negligence or repeat offenses. But more likely it would involve financial penalties, unpaid suspension days, demotions, or loss of access to certain types of data (which could make doing their job harder and their path to promotion more difficult).
Why Tough BYOD Policies are Needed
Why are tough, nonsense policies even necessary? Because the value of a lost phone is often far greater to the company whose data is compromised than it is to the individual user, or even to the thief that steals simply to re-sell it on the huge international black market for cell phones.
Lookout’s study showed that smartphone owners typically value the data on their phones – names, numbers, photos, documents – at around $500. And refurbished smartphones on the black market can sell for $50 to $100 (or even less in some countries). But in many cases the company data on those phones is worth far more in the wrong hands.
Fortunately, sophisticated smartphone security solutions are now on the market. Apple’s iOS7 includes a feature called Activation Lock that can allow users to effectively wipe clean their iPhone’s memory and render the phone useless after it has been stolen. Of course iOS7 is only 9 months old, so many Apple users don’t yet have that feature. But within another year or two Activation Lock will be on the majority of iPhones in use.
Meanwhile, Samsung, Google, Microsoft, Motorola, Nokia and the five largest U.S. cellular carriers recently have signed on to a voluntary program to build so-called “kill switch” technology into their phones. The phone and operating system makers and cellular companies now have agreed that all phones sold in the U.S. after July 2015 will have the ability to be shut down remotely should they ever be stolen or lost.
But that still leaves more than a year. So the need for clearly-stated, tough and enforceable smart phone use policies for companies of all sizes remains.
If your company doesn’t have a BYOD policy or measures to protect against the loss of data on employee-owned devices, the best bet is to contact an IT managed services partner with experience in IT security. The right team of experts can help secure your company, today and into the future.