More than 90% of North Americans carry some type of mobile device, according to the Pew Research Center – and the information on those phones has never been more vulnerable.
In the first nine months of 2014 (the latest numbers available), 66,735 cellphones were reported lost or stolen in British Columbia, according to the Canadian Wireless Telecommunications Association (CWTA).
A recent social experiment revealed that when phones are found or stolen, people are likely to use the phone to try to see what’s on it.
The experiment, called the Honey Stick Project, and carried out by Symantec Canada, planted 60 smartphones in six Canadian cities: Calgary, Toronto, Ottawa, Montreal, Halifax and Vancouver. The smartphones were uploaded with simulated corporate and personal data, along with the capability to remotely monitor what happened to them once they were found.
In total, 93% of the phones (56 of 60 phones) were accessed by finders for information on the device.
“Vancouverites were both the least likely to offer to return the lost phones, with only three of the 10 devices indicating return attempts, and they were incredibly eager to gain access to private information,” said Alexander Rau, a national information security strategist for Symantec Canada. Seven of the 10 Vancouver phones were clicked through to login pages, and one phone finder recharged the device several times while attempting to access both personal and corporate data including a dummy app labelled “HR Salaries.”
If your phone isn’t sufficiently equipped with a locking screen, expect all the files on it to be viewed if it’s found or stolen, Rau said. And the only surefire way companies can ensure privacy breaches do not occur on an employee’s phone is to make sure the device’s information is wiped as soon it’s reported lost or stolen, he added.
“Business leaders should develop and enforce strong security policies for employees using mobile devices for work.”
In 2013, the CWTA along with major wireless carriers launched a national stolen-device blacklist in hopes of curbing both the intentional privacy breach of found or stolen cellphones and the re-sale value of stolen cellphones.
Under the blacklist, a wireless device is reported lost or stolen to a wireless service provider and that device’s international mobile equipment identity (IMEI) number will be added to a shared national blacklist. Any device appearing on the blacklist is then blocked, with participating Canadian wireless service providers not allowing it to be used on their wireless networks.
Most cellphone owners don’t know their mobile devices have an IMEI, said Marc Choma, senior director of communications for the CWTA. The CWTA’s Protect Your Data (protectyourdata.ca) campaign hopes to increase awareness around the subject.
“We also feel that consumer awareness of the blacklist since the end of 2013 may have increased the number of consumers reporting their devices lost or stolen, which would be a positive step,” Choma said. •
