Symantec: Most lost smartphones end up in the wrong hands
Many doctors and healthcare employees have started using smartphones and tablets for their work. While that may help them be more productive, it can put a lot of sensitive medical data at risk if a device is lost.
You’d like to think that a lost mobile device would be more likely to end up in the hands of a Good Samaritan that would try to return it to its owner, rather than someone who would try to use the device for his or her own gain. But that’s not usually the case, according to a recent study from Symantec.
For the study, researchers intentionally “lost” 50 smartphones at various locations in five different North American cities. The phones were loaded with simulated sensitive personal and corporate data, as well as applications to remotely monitor what happened to the devices. Password protection was turned off on all the devices.
The results aren’t encouraging: Only half the people made any attempt to return the device they found. And even those that did still tried to access the data on the phone.
In fact, the finder tried to access information in 96% of cases. For some, they were likely just trying to find a way to contact the owner of the device. But many attempts were made to access more sensitive information. For example:
- 83% of finders tried to access corporate information, including documents with labels such as “HR Salaries” and “HR Cases”
- 60% tried to read emails or access social media accounts
- 57% tried to open a file called “Saved Passwords”
- 49% tried to run a decoy “Remote Admin” app that appeared to allow access to a remote computer or network, and
- 43% tried to use a mobile banking app
Those findings should have a clear lesson for both healthcare organizations and smartphone users: No device should ever hold sensitive information without being password-protected and having security features such as remote wipe enabled.
Also, companies should develop a formal process that is to be followed if a mobile device is lost or stolen and train users on how to keep their devices safe.
Below are a few free resources you may find useful.