Two months ago, my Blackberry fell out of my car when I stopped at a rest stop on the turnpike. I was lucky. The young man who found it lying in the parking lot, decided to try to locate the owner. He called up last number I had called, talked to a friend I had just spoken to, who gave him my husband’s cellphone number, so we were able to connect and arrange the best way to reunite me with my Blackberry. I was very grateful to this young man, but I realized that I was amazingly lucky.
At the time I lost my phone, I hadn’t secured it with a password. I hadn’t set the screen-saver to provide the “if found, pls. call XXX-XXXX for a reward” to make it easy for someone to return my phone to me. And, I hadn’t protected the data on my phone from being scraped by someone who wanted to spy on me or to steal my identity. Thanks to this close call, I have now secured the data on my phone, and arranged to be able to wipe it remotely if it falls into the wrong hands.
Here’s a handy Infographic from the people at Backgroundcheck.org to remind us of “What Our Phones Can Reveal About Us”:
From: Background Check Resource
Who Is Collecting Data about Lost Smartphones?
I was curious about where the data came from for this graphic, so I dug a bit further. Mobile security provider, Lookout, aggregates the information from its 15 million smartphone customers in 170 countries around the world and publishes that aggregated information. (It’s all anonymous.) Most people lose their phones once a year. In some cities (such as New York), people lose their phones twice a year. So, if you want to know where people are most likely to lose their smartphones in Seoul (martial arts Dojo), London (pub), Philadelphia (car repair shop), or Atlanta (your office), you can find out at Lookout’s Mobile Lost and Found.
But most chilling were the results from the Smartphone Honey Stick Project run by Scott Wright’s company, Security Perspectives, in Ottawa and funded and publicized by Symantec. You can access the full report here. Scott did his first “honey stick project” in which he “lost” and tracked what happened to 54 USB memory drives that were configured with special tracking software, 35 of them were picked up and inserted into someone’s Internet-connected PCs and files were opened. In this most recent study, which Scott calls Phase 2, they deployed 50 smartphones with visible apps clearly labeled: mail, private pix, passwords, contacts, online banking, and some apps intended to mimic corporate apps, like HR Salaries, in public places (restaurants, buses, subways, etc.) in New York City, Washington D.C., Los Angeles and the San Francisco Bay Area, and Ottawa. The good news is that 50% of the people who found the phones attempted to return them. Here’s the bad news:
“1. 96 percent of lost smartphones were accessed by the finders of the devices
2. 89 percent of devices were accessed for personal related apps and information
3. 83 percent of devices were accessed for corporate related apps and information
4. 70 percent of devices were accessed for both business and personal related apps and information”
~ Key Findings: Symantec Smartphone Honey Stick Project
The bottom line: The current practice of carrying all the details of our lives around on our phones is quite risky. Companies like Symantec are trying to educate their corporate clients about good security practices for employees’ mobile phones (and provide them tools to wipe corporate data off of a misplaced phone). But a better solution would be to design phones that are more secure and private and very easy to locate, protect and to wipe, so that no prying eyes can retrieve any of our data.
When you travel, you need to be particularly vigilant. For example, most savvy business travelers do not even take their mobile phones or their laptops with them to China. They have learned that there is too much danger of having your phone scanned and all of your data stolen.
The biggest risks you face on a daily basis may not be losing your phone, but having it invaded with spyware. If you feel that your personal phone or your combined personal + business phone may be at risk, here are some resources you may find useful:
- Securing Data: An Apple and Android Security Guide (Techtarget)