Much has been said of the potential security vulnerabilities of smart phones used in a business environment. Until now, however, hard data has been heavily anecdotal, focusing on breaches that occurred at one business or another that turned out to result from the misuse of a smart phone. That has all changed with the release of a new study conducted by antivirus firm Symantec.
The company chose five major cities for the experiment and prepared 50 smart phones, each one loaded with data that would appear to be authentic information, both personal and business-based. Symantec then launched the experiment, leaving the phones lying about so that they would appear to have been lost. The goal of the study was to determine to what extent a found smart phone would end up with individuals who would attempt to misuse the data it contains.
What Symantec found was alarming. Although about half of those who found the phones did make some sort of effort to return it, major kinds of data stored on the phones were accessed regardless. In many cases, the data accessed could not have been related to an attempt to find the owner. For example, four-fifths of those who found the phones tried to open files that were marked as salary information. A full half attempted to use the phones to establish remote access into a corporate network.
These findings demonstrate the need for a managed programs approach. Managed programs staff can implement IT solutions to make sure that mobile devices are properly secured and encrypted so that should they become lost, the data they contain is not immediately accessible to casual users.