Many businesses provide their employees with smart phones, these smart phones being ideal for the smooth operation of the business due to their diminutive size and versatile features. Although every device is owned by the business itself, employees are usually free to use their devices according to their own discretion. There is no doubt that providing employees with smartphones is a fringe benefit that will motivate employees and also help them perform remote tasks with convenience. However, there is one slight drawback of providing employees with smart phones: these devices will invariably contain sensitive information which the business cannot protect.
When the device is under the possession of an employee, it is their sole responsibility to make sure that the device is kept safe from any security risks. Businesses can take different steps to make sure that the device is protected by security locks and other counter measures; but once the device is resold or lost, all of these measures are simply frivolous. What businesses have to realise is that these devices provide hackers with the perfect opportunity to obtain sensitive information which they can use to their own advantage.
Recently, Gartner published a report which stated that proliferation of mobile devices and reselling of these devices could prove a staggering barrier to effective data security. This study enunciates the fact that company issued mobile devices should be considered a serious security threat, especially when they are being resold. To further emphasise how selling old phones can pose a security risk for your business, we have given a list of ways hackers exploit these phones:
The first risk these devices pose to a business is that hackers can use the device to retrieve sensitive data such as contact lists. Once they have the contact list they can also target the phones which are currently being used by other employees, by sending out malicious codes via MMS, SMS and email. The moment these codes are accessed by users, the hacker will automatically have access to their devices. They can then use this information to exploit the business and can seriously hamper the operation of the business.
Forensic Data Retrieval
This may come as a surprise to many but even if a device has been subjected to a hard reset, the data present on the unit can still be retrieved. What is even more shocking is the fact that you do not have to be a hacker in order to retrieve this data: all you need is to download an application called Forensic Data Retrieval. This application is on every mobile platform and is publically available. This means that each device resold on the market can be used to retrieve your data. Businesses frequently sell off their used smart phones in bulk. Imagine if a hacker just got hold of just a couple of these devices and retrieved the data?
Secure Your Mobile Data
To make matters worse most of the company’s data traffic will pass through mobile devices, even if it doesn’t originate there. This means that a substantial portion of sensitive data can be retrieved from these devices. This is why it is imperative for every business to effectively wipe their devices using a data wiping service, before reselling their used units.