Have you ever lost your phone? Or maybe you found a device that someone else had lost? What did you do? I am sure that as a good person you just found the owner and gave the (intact) smartphone back. Am I right? But what if the phone falls into the wrong hands? What could happen then?
Let’s analyze those two scenarios. Just imagine: Monday afternoon, you are coming home from work. Walking through the park, you find a phone. It’s quite new and undamaged, with a nice case by the way. Now, let’s take a look at what we can find on this phone…
First of all, there is quite a big chance that the phone is unlocked and not protected by any PIN code or pattern. Almost 30% of smartphone owners have no lock screen on their phones*. And we’re so bad at choosing unique PIN codes that even when we use one, one-third of “secured” phones are cracked with passwords like 1234, 1111, 0000, 1212, 7777 etc. So here you are – standing in the park with an unlocked phone, which is not yours. Since you are a good guy, the only thing you want to do is to find out who the owner is. You can try using Facebook or the Contact book (sometimes there is an ‘About me’ profile there). That’s probably enough to find the owner and the story could end right here. Once you contact the owner, the phone can go back home. BUT! What if you are a bad guy…?
We already know that there is a Contact list, probably including some business contacts. We must be aware that access to contact details gives a thief many ways to use them (for his own benefit, of course). Corporate contacts can be used for phishing or sold to competitors, for example.
Ok, let’s move on. We have common apps on the phone, e.g.:
- Maps – we can easily check now where this person lives and works,
- Email account – it’s hard to describe what could happen if someone took control of your email account, since it is the link to all our Internet accounts,
- Banking App – nice, we can check the bank account (and not only check it, if you know what I mean),
- Facebook – we can impersonate that person and extort money from their friends (I know a few people who have been deceived this way),
- OneDrive, Dropbox – what is there? Both private photos and some business files, which means that both private and corporate data are left without any security.
Let’s focus on corporate data, because this interests us the most. As I mentioned, corporate contacts can be used for phishing or sold to competitors. The same goes for confidential company reports and files, which means a serious data leak. Such files can be downloaded over Bluetooth, a USB cable or the Internet. If the company uses communication apps like Slack, a lot of internal information can also be in danger. Besides, you know best what data a thief can find on your phone. The question is: is it really worth the risk to ignore data protection?
And what about the consequences? Not only GDPR fines but also a serious loss of the company’s reputation, which can be much more valuable than any fine. And that’s where the old, well-known truth gains importance: prevention is better than cure. Although you are twice as likely to lose your device as to have it stolen, you never know in whose hands your device will end up. Let’s keep an eye on our phones then and let’s keep our data safe.
*Pew Research Center, 2016