Symantec, purveyors of the bloatware popular antivirus software, Norton, decided to test the outcome for “lost” mobile devices. The results of the experiment are as much about smartphone security as about human honesty.

Symantec created the “Honeystick Project” to test what would happen to information on a smartphone if it went missing. For the experiment, Symantec placed 50 smartphones throughout big cities in the United States and in Canada, to test honesty and curiosity. The phones were marked with “sensitive” information, including a document labeled “HR Salaries.”

The testers found three things:

  1. 6 of 10 finders attempted to view social network information;
  2. 8 of 10 finders attempted to view corporate or private documents; and
  3. 96% of the smartphones were accessed by the finders, regardless of whether they were returned (only 50% were returned).

The big take-away from this experiment comes from Symantec’s suggestions:

Corporations should take the following steps to ensure mobile devices and sensitive corporate information remain protected:

  • Organizations should develop and enforce strong security policies for employees using mobile devices for work; this includes requiring password-enabled screen locks. Mobile device management and mobile security software can aid in this area.
  • Companies should focus on protecting information as opposed to focusing solely on devices—securing information so it is safe no matter where it ends up.
  • Educate employees about the risks, both online and physical, associated with mobile devices, such as the impact of a lost or stolen device.
  • Take inventory of the mobile devices connecting to your company’s networks; you can’t protect and manage what you don’t know about.
  • Have a formal process in place so that everyone knows what to do if a device is lost or stolen. Mobile device management software can help automate such a process.
  • Integrate mobile device security and management into the overall enterprise security and management framework and administer it the same way. In essence, treat mobile devices as the true enterprise endpoints they are.

Consumers should take the following steps to ensure mobile devices and the personal information on the devices remain protected:

  • Use the screen lock feature and make sure that it is secured with a strong password or “draw to unlock” pattern. This is the most basic security precaution and requires minimal effort on the part of the user, yet can provide a critical barrier between personal information and a stranger.
  • Use security software specifically designed for smartphones. Such tools can stop hackers and prevent cybercriminals from stealing information or spying on users when using public networks. In addition, security software can often help locate a lost or stolen device and even remotely lock or wipe it.
  • When out and about, users should make sure that their mobile devices remain nearby and are never left unattended, being mindful of where they put devices at all times. It is also a good idea to make sure that they can differentiate their device from others that might be sitting in the immediate vicinity by adding distinguishing features, such as a sticker or a case.

I’ve written about mobile device security before (and here, here, here, here, here, and here). The fact is, Symantec’s recommendations aren’t rocket science. We know beyond all measures that protecting your personal data is paramount for attorneys.

Fortunately, Android offers some pretty slick security features, such as pattern lock (a must) and two-step verification. There are also several apps, such as Lookout, which is available in the-Google-website-formerly-known-as-the-Android-Market and protects you from malware, and NQ Mobile’s Secret Vault, which can hide your pictures, contacts, and SMS messages.

One of my new must-have apps is Seal. This is a full-fledged protection app, offering you the option of adding a second layer of password protection to your Android device. There’s a reason why this app put the “period” on my favorite Android security app. Look for my review coming shortly.

Jeff Taylor

I'm just an ordinary guy living an extraordinary life. I'm also an attorney and I blog about Android for lawyers. You can follow me on Twitter, LinkedIn, YouTube, or Google+.

1 Comment

The Droid Lawyer™ | Why an Unlocked Phone and a Removable Battery Might Not Be So Great · February 16, 2013 at 6:04 am

[…] that you need to have security in place to immediately remotely wipe your device if it gets lost. Lookout and Bitdefender have excellent remote wipe capabilities. Also, don’t forget if you’re […]