Cities search for solution to phone-theft epidemic

With smartphone theft exploding, businesses face extreme risks

Upgrade your firewalls, insist on 16-character passwords, and apply all your security patches the day they come out. None of that may matter: The sad reality is that the biggest computer crime your organization is likely to face is the physical theft of a mobile device, should one of your traveling sales staff find their car broken into and their laptop bag stolen or merely become the victim of a subway bump-and-grab.

The statistics around device theft like this are alarming. Last year Kensington published statistics claiming that up to one in ten laptops will be lost or stolen over their corporate lifespan. Another stat noted that one laptop is stolen every 53 seconds.

Today, thieves are finding that smartphones are even easier targets, and theft of these devices is becoming rampant. In San Francisco, fully half of all robberies now involve a cell phone--yet users have no qualms about walking down streets in the worst possible neighborhoods, their heads buried in their phones, oblivious to the world around them. New York has seen a 40-percent spike in cell phone thefts in the last year.

Phones are a liquid and lucrative market for thieves. They are easy to resell, they hold their value well, and they're incredibly portable and easy to conceal. (Which would draw more attention? Someone on the street with an iPhone or someone carrying a large television?) They're also incredibly easy to steal. Just grab the phone from their hands and make a run for it. No threat or confrontation is usually needed, unlike, say, stealing jewelry or a wallet -- although some device thefts have been incredibly, bloodily violent.

For businesses large and small, smartphone theft represents a massive amount of risk, far worse than the typical user faces due to the potential loss of a few phone numbers and your Angry Birds saved-game data. As businesses become increasingly mobile and 24/7 in nature, more and more sensitive data has moved to handsets. Contact lists, saved passwords, internal apps, and even mobile payment information is likely to be stored on a cell phone--all of which might be secured by a four-digit passcode, if at all.

Finally, someone is trying to do something about the problem. The Washington Post reports that a summit of sorts is about to get underway this week between the Attorneys General of New York and San Francisco and cell phone manufacturers, including Apple, Google, Microsoft, and Samsung. Their goal: Figure out a way for thefts to be discouraged by the creation of a "kill switch," so stolen phones can be easily disabled from anywhere. The kill switch would allow for phones to be made "completely useless" via a command sent to them wirelessly.

In the meantime, it's up to individuals and businesses to protect themselves. Near-term solutions include:

  • Ensuring all devices are secured with the strongest passcodes possible (it may not be much, but it's something).
  • Enabling options to wipe data from a phone if too many incorrect passcodes are entered.
  • Installing apps like Find My iPhone to help law enforcement locate and recover missing handsets.

Join the CSO newsletter!

Error: Please check your email address.

Tags consumer electronicssecuritymobile securitysmartphonesNonebusiness security

More about 24/7AppleEnablingGoogleKensingtonMicrosoftSamsung

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Christopher Null

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place