One early morning in 2009, UK fishmonger Glen Kerley caught a 12 kilogram cod off the West Sussex coastline. Preparing the fish for sale, he was surprised to find a Nokia 1600 inside. The SIM card still worked — and Glen was able to return it to businessman Andrew Cheatle, who had lost it earlier that week playing with his dog in the surf. It’s an extraordinary story, but it reminds us that our information can end up in places we could not imagine.
One of the single biggest drivers of workplace productivity in recent years has been the ability of employees to use mobile phones and tablets on-the-go to access company data and systems. But this brings challenges. It means that every day, almost all of a company’s confidential data walks out of the door, in the pockets and handbags of employees.
And sometimes, it doesn’t comes back. According to the Australian Mobile Telecommunications Association, every three minutes an Australian loses a mobile phone, or has one stolen. This exposes the company’s information and network to a whole raft of security threats, such as people hacking into corporate systems or accessing sensitive company information.
The productivity benefits of mobile technology are well-known. But not every company has an IT policy that reflects the mobility of its data. The best mobile security policies balance strong protection with usability. If a policy is too weak, your company is vulnerable. Too strong, and your employees will find a way to work around it. A Harvard Business Review survey last year revealed that over 80% of US employees admitted to using unauthorised devices at work.
A good mobile security policy takes a little work. But there are four baseline protections every system should have. Here they are, each paired with a true story of an animal that has got hold of a mobile phone. They represent the first step to protecting your company’s data should an employee’s phone end up in the wrong hands. Or the wrong paws.
Lost and Found
In 2009 the Times of India reported that local farmer Ishwar Totager dropped his phone while cleaning his shed. Several days later, it was reported to have reappeared in a dung heap, near a relieved-looking buffalo.
The lesson: Your system should be able to know where your devices are. Modern smartphones have features that let you see where they are. This information helps you assess the degree of risk that your misplaced phone poses, and act accordingly. For instance, you can respond differently depending on whether your device has has been lost in your kitchen as opposed to a busy city cafe.
The Daily Mail records the story of a UK farmer who was helping to deliver a calf. Ingeniously, he was making use of his phone’s torch to do so. During an involved part of the proceedings, his hand slipped and the phone disappeared.
The lesson: Sometimes you will lose control of your device. That doesn’t mean you should lose control of your data. Phones can contain a lot of sensitive information. If you are on Android, the Android Device Manager gives you or your company the ability to wipe data remotely, and ensure your company’s information stays in the right hands.
In August 2013, Norwegian teenager Lars Andreas Bjercke was mucking about with friends in a forest when a fox saw his mobile phone on the ground, and scurried off with it. Lars was upset enough, but the Huffington Post reports that the fox then sent a smug text message (for the record, it read: Jlv In ø \ a0ab 34348tu åaugjoi zølbmosdji jsøg ijio sjiw). Lars never recovered the phone.
The lesson: Lockscreens are security 101. Your system should require all users to have lockscreens, to prevent others from accessing your data and information.
The Daily Telegraph reports that Rimma Golovk, a visitor to a Ukrainian zoo in 2011, was trying to snap a shot of a crocodile when she accidentally dropped her phone into the enclosure. Gena, an inquisitive 14 year old female croc, snapped it up. “This should have been a very dramatic shot”, said Rimma, “but things didn’t work out”. The crocodile did not return the phone for over four weeks.
The lesson: Danger can strike at any time — so your laptop or other device should update its virus protection automatically. Even during periods when (for whatever reason) you don’t have access to your device.
Not many phones end up in the possession of animals. But every year, in more mundane ways, hundreds of thousands of Australian mobile phones get lost or stolen. And in some cases, sensitive company information makes its way into the wrong hands.
This is the flip side of the huge advantages conferred by data mobility. The good news is that a good mobile security policy can go a long way to minimising this risk. With cloud-based computing, the solutions are there to help you protect your company’s information. That’s a much better idea than crossing your fingers and hoping for an Act of Cod.
*Kevin Ackhurst is Managing Director of Google Enterprise Australia