Upgrade your firewalls, insist on 16-character passwords, and apply all your security patches the day they come out. None of that may matter: The sad reality is that the biggest computer crime your organization is likely to face is the physical theft of a mobile device, should one of your traveling sales staff find their car broken into and their laptop bag stolen or merely become the victim of a subway bump-and-grab.
The statistics around device theft like this are alarming. Last year Kensington published statistics claiming that up to one in ten laptops will be lost or stolen over their corporate lifespan. Another stat noted that one laptop is stolen every 53 seconds.
Today, thieves are finding that smartphones are even easier targets, and theft of these devices is becoming rampant. In San Francisco, fully half of all robberies now involve a cell phone--yet users have no qualms about walking down streets in the worst possible neighborhoods, their heads buried in their phones, oblivious to the world around them. New York has seen a 40-percent spike in cell phone thefts in the last year.
Phones are a liquid and lucrative market for thieves. They are easy to resell, they hold their value well, and they're incredibly portable and easy to conceal. (Which would draw more attention? Someone on the street with an iPhone or someone carrying a large television?) They're also incredibly easy to steal. Just grab the phone from their hands and make a run for it. No threat or confrontation is usually needed, unlike, say, stealing jewelry or a wallet -- although some device thefts have been incredibly, bloodily violent.
For businesses large and small, smartphone theft represents a massive amount of risk, far worse than the typical user faces due to the potential loss of a few phone numbers and your Angry Birds saved-game data. As businesses become increasingly mobile and 24/7 in nature, more and more sensitive data has moved to handsets. Contact lists, saved passwords, internal apps, and even mobile payment information is likely to be stored on a cell phone--all of which might be secured by a four-digit passcode, if at all.
Finally, someone is trying to do something about the problem. The Washington Post reports that a summit of sorts is about to get underway this week between the Attorneys General of New York and San Francisco and cell phone manufacturers, including Apple, Google, Microsoft, and Samsung. Their goal: Figure out a way for thefts to be discouraged by the creation of a "kill switch," so stolen phones can be easily disabled from anywhere. The kill switch would allow for phones to be made "completely useless" via a command sent to them wirelessly.
In the meantime, it's up to individuals and businesses to protect themselves. Near-term solutions include:
- Ensuring all devices are secured with the strongest passcodes possible (it may not be much, but it's something).
- Enabling options to wipe data from a phone if too many incorrect passcodes are entered.
- Installing apps like Find My iPhone to help law enforcement locate and recover missing handsets.