Every few seconds, someone loses their cellphone. In 2011 alone, the value of lost phones totaled $30 billion! But carelessness is not the only cause of device loss: smartphones are now a top target of thieves, pickpockets, and purse snatchers. Nearly half of all robberies in San Francisco, for example, are cell phone-related. In New York City, police claim that more than 40% of all robberies involve cell phones. And what happens when those devices are lost or stolen? Symantec’s famed “Honey Stick Project” found out: it intentionally “lost” fifty phones in several major cities—each of which was loaded with the same apps and data. None, however, were secured by a passcode. Symantec found that more than 95% of the people who found the phones attempted to access personal or sensitive information, including bank accounts and e-mail.
What happens, then, if all of these stolen devices are connected to your organization’s networks? The statistics show:
1) the frequent loss of mobile devices presents a very real threat to information security—particularly if data are not encrypted; and
2) your organization’s sensitive information is likely to be exposed when employees do not know how to properly secure their devices or know the specific and immediate steps to take when a device is lost. The potential costs associated with such incidents can be significant if the compromised data involves a breach of regulated information.
Compliance requirements most certainly extend to mobile devices, and if your organization has not demonstrated due diligence via a robust mobile device policy that is in turn communicated through an effective security awareness program, then your company’s exposure is considerable. Information security in the BYOD paradigm requires a multi-layer defensive strategy that includes the most crucial endpoint of all—your people. Your company’s sensitive data is, quite literally, in their hands. Equip them to handle that data securely, competently, and responsibly with a proper security awareness program before more than just a device is lost.