Do You Carry Your Work with You?
Whenever a company finds that an employee is the weakest link in the cybersecurity chain, it’s important to uncover whether their data breach was intentional or accidental.
Intentional inside job data breaches are a criminal matter all on their own, but more often than not, the impact was the result of an accidental security breach. Sometimes it’s carelessness, like losing a company laptop with sensitive information stored inside, and other times it’s due to a lack of training, such as downloading a virus or falling for a boss phishing attempt.
But there’s a whole other avenue to accidental corporate data breaches that too many people overlook, and that’s the technology we carry with us at all times. Your smartphone, whether it was issued by your company or is your personal property, may provide a thief with everything he needs to steal large amounts of data.
Mobile devices are becoming firmly entrenched in our everyday lives. Data from the most recent Pew Internet survey found that 68% of US adults use a smartphone, while 45% of US adults also have a tablet. With so many mobile devices handy, it’s easy to overlook how vulnerable they really are, especially if your smartphone connects your personal life and your work life. That small computer you carry in your pocket can lead a hacker or scammer directly to your company’s sensitive data and with relatively little technological know-how.
If your smartphone falls into the wrong hands and is logged into your work email account, it would take very little for someone to scroll through your sent mail, locate someone from within your company, and issue instructions to that person to reply with attached documents, to change an account password for you, to transfer funds or another malicious act. If you post on your company’s social media accounts or pages from your smartphone, such as sharing pictures of your co-workers volunteering at a charitable event, that thief may also have access to your company’s public profile.
In order to enjoy the convenience of a smartphone while still protecting your company’s data, there are some steps you should take. First, whether your mobile device is used for work or strictly personal use, it’s important that you passcode lock it. Activating this feature will mean anyone who finds it cannot open the phone without the code, and after too many incorrect attempts it can even permanently lock the phone. Next, if your device includes the option to “track” or locate the phone, that needs to be activated, too. It’s not so much a matter of actually apprehending the individual who has it, but it would give you peace of mind to know where it ended up. Finally, many smartphone models give you the option to “brick” the phone if it’s lost or stolen, meaning you can remotely wipe the device. If you’re going to use your phone for work-related purposes, it would be a good idea to have this option enabled.
One of the easiest things you can do to protect your work-related accounts in your personal device is simply to log out of them when you’re not using them. It can be a hassle to log in with your password each time you want to use it, but you would know that your accounts weren’t left open if something happens to your phone.
Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.