September 11, 2014

Information Security: How to Protect Sensitive Data on Smartphones

When it comes to information security in the workplace, smartphones are changing things – and fast.

The technology research firm Gartner says that by 2016, 40% of the global workforce will be mobile, with 67% of workers using smartphones. (Those numbers are not that surprising when you consider that 90% of American adults have a cell phone today, and 58% of those are smartphones, according to Pew Research Center’s statistics.)

On the job, smartphones allow employees to do business and access information from virtually anywhere, at any time – and that leads to greater productivity.

On the other hand, the risk of security threats and data breaches increases with 24/7 mobile connectivity and more private information than ever being stored on mobile devices. Smartphones are also being stolen by identity thieves. A Consumer Reports survey showed about 3.1 million consumers’ smartphones were stolen in 2013, and almost half as many were lost.

The good news is there are moves to build more protection into phones. The Smartphone Anti-Theft Voluntary Commitment would equip all phones with the ability to remotely wipe data from a lost or stolen phone by 2015. The Smartphone Theft Prevention Act would go one step further and require a ‘kill switch’ that would have to work globally.  

Also, the Mobile Device Theft Deterrence Act would impose tough penalties for those who steal devices or modify them illegally.

At the same time, there are strategies that will help safeguard personally identifiable information on employees’ smartphones.  

  1. Policy: Create a comprehensive Mobile Devices Security Policy or Bring Your Own Device (BYOD) policy that details security requirements and puts limits on downloading apps, social media, and other usage that may increase data breach risk.   
  2. IT Intelligence: Equip smartphones with up-to-date security tools such as anti-malware, anti-theft, password protection, automatic lock features, and encryption. About one-third of smartphone owners in a recent Consumer Reports survey did not take any measures to protect their phone and the data on it.
  3. Best Practices:  Use security awareness programs to teach employees about information security in and out of the workplace. For example, never leave a mobile device unattended and download only the sensitive data that is absolutely necessary. The Human Factor in Data Protection Study by the Ponemon Institute showed 56% of employees ‘frequently’ or ‘very frequently’ store sensitive data on their smartphones.
  4. Audit Security Policies: Conduct an information security risk assessment on a regular basis to identify vulnerabilities in smartphone usage by the mobile workforce – and implement solutions.
  5. Shred-all Policy:  A shred-all policy will help reduce the likelihood of a paper document breach (mobile workers still print out materials). All documents must be fully destroyed when no longer needed. Partner with a reliable document destruction company and discuss shredding services for the mobile workforce.  
  6. Destroy Hard Drives too: Ensure that obsolete smartphones are properly disposed of so that confidential information cannot be recovered. Physical hard drive destruction is the only 100% secure way to destroy data on hard drives.
