Amir Lehr – vice-president of cellular products and business development at Cellebrite – discusses the business repercussions of sensitive data not being wiped from old mobile phones.
The thought of losing our mobile phone fills many of us with dread and fear. After all, we run our entire lives from these pocket devices.
Gone are the days of using our mobile phones exclusively for making calls, sending text messages and light Internet surfing. Now we keep all our personal information on them including text messages, contacts, e-mails, photographs and videos, birthdays, identification data and so much more.
To find that you’ve forever lost a sentimental text message from your husband or an old photograph of your grandmother would be devastating enough, but what if your mobile phone held valuable information belonging to the company you work for?
With many employees now owning an exclusively work mobile phone and others holding business information on their personal phones, their devices could hold anything including usernames, passwords, financial information and highly confidential data.
So now the devastation doesn’t just affect the individual, but the entire business.
Bring Your Own Device: the risk factors
Bring Your Own Device (or BYOD) policies may allow employees to bring personally owned mobile devices (laptops, tablets and smart phones) to their workplace and use those devices to access company information. This phenomenon has taken the world by storm but, by using private smartphones alongside professional handsets (and especially as the refreshment cycle for consumer handsets is more rapid than work devices), this brings even more danger. Precautions must be taken at all stages.
As current developments indicate, our mobile phones could soon be used to control everything we do – from giving us access to our home, car, medical and financial records to being a communications hub for e-mail accounts, surfing the Internet and managing social media profiles. The potential for the business world is enormous, but with that comes an equally enormous level of risk.
Security breaches are commonplace these days and employees must do all they can to ensure they are not making such an incident easy, as many often overlook how much risk their mobile phone carries.
There are two main scenarios in which specific precautions need to be taken.
One sees the mobile phone being sent to a laboratory or workshop for critical repairs. Once the phone is out of its owner’s hands, it’s difficult to protect the data it contains.
The other is when a phone is traded-in for a newer model while the old phone – and all of its content – is left with the store or recycler.
In fact, research has found that between 54% and 60% of discarded or traded-in used mobile phones still contain the personal data of their previous owners.
One overlook can risk a whole business and, with all this highly sensitive information at stake, employers and employees alike should be advocating the need to protect themselves and company information from risk.
Many may be reassured by the fact that resetting the phone would dispose of some information. In fact, unless expert equipment is used, no deletion is permanent.
While mobile phone security during use is important, it’s imperative to see security right through to the end. Information will still remain on the phone even if you’re not using it unless it’s correctly wiped.