Intelligence Advisory
 Smartphones can create
 more risk for organizations

Security Issue: Technolytics provided the following insight into what data types are commonly stored on these devices:   Names/ Phone Numbers: 98%   Addresses: 87%   Dates & Calendar: 74%   Text Messages: 71%   eMails: 56%   Passwords/PINs: 39%   Photographs: 37%   Corporate information: 34% The only way to make sure data cannot be retrieved from these devices at the end of their life is to use the same grinders we use for hard disk drives. What? You aren’t grinding your hard drives?

Copyright Technolytics © 2001-2008

Technolytics is a security research and intelligence provider.

Smartphones, driven by increasingly sophisticated consumers, have become an essential tool for business professionals worldwide. Security professionals have been pointing out the information security issues surrounding these devices for a while now and in April of this year we got a stark example of the threat they can pose to an organization.

Rafael Quintero Curiel, lead press advance person for the Mexican Delegation, was caught stealing multiple BlackBerry devices belonging to White House staffers. The staffers were attending meetings between U.S. President George W. Bush and Canadian and Mexican leaders in New Orleans that week. Ironically enough the event was the Security and Prosperity Partnership of North America Summit. Luckily, the U.S. Secret Service caught up with Quintero Curiel at the airport but unluckily, he was caught after the devices had been in his possession for a half an hour.

What information was he able to extract and transmit in that time? How many trade-shows, conferences, and summits do your executives and sales-people attend in a year?

A typical 64MB BlackBerry can hold: 28,000 printed pages 27 hours of digital audio recording 50 high quality digital images (if it was a picture phone) 3,500 average size emails (without attachments)

Our statistics show that of the professionals using mobile devices such as PDAs and smartphones:

Over one-third don't use passwords or any other security protection. Almost half of these users store their PIN numbers, passwords and other sensitive corporate information on them. Nearly a quarter admit losing one of these devices in the last 12 months.

In-Stat predicted that smartphone sales will grow at a rate of more than 30 percent a year for the next five years. And the security concerns are only increasing with the advent of wildly successful consumer devices like the iPhone. Whether officially sanctioned or not, professionals are carrying full-blown computers with the ability to connect through Wi-Fi, store "live" documents, and provide a full e-mail trail including attachments. And while some of these devices have security features like device locators and the ability to remotely disable the device, digital forensics techniques can still be applied with success.

These computing devices, disguised as phones, store user authentication information and can act as network end-points; reinforcing the need for organizations to have a security awareness program in place. Employees must be educated about basic security precautions including authentication, sensitive data handling, encryption, and device loss and disposal (the cause of 10% of the 325 data breaches reported in 2007). In light of increasing regulation like SOX, HIPAA, and PCI data handling and device management policies and procedures have to be adapted to today's reality while achieving the goals of the information security program.

Whether you’re itching to get an iPhone yourself, or rollout PDAs to your sales-force there are certain security precautions you need to take to safe guard against information leakage.

For information about addressing this and other security threats contact Solutionary today!

866.333.2133
www.solutionary.com