What would happen if you lost your mobile phone today?
Don’t let convenience seduce you away from e-Security.
You probably think the least secure aspect of using a mobile phone is that it transmits your private information over a radio link, but the fact is that the level of authentication and encryption in use today is sufficient for all but the most sensitive applications. The real problem is, what happens if your phone goes missing?
Ten years ago, if you left your mobile phone in the back of a taxi, or if it were taken from your handbag, you had two immediate issues: you just lost a relatively expensive consumer gadget, and you ran the risk of unauthorised calls on your account. Today, handsets are much cheaper, and calls are logged by your service provider, which perhaps explains why so many of us pass up the handset insurance offered in the shop.
The actual security problems with handset loss today are much worse. If your data enabled, smart, application rich mobile phone with integrated video camera were to fall out of your pocket, what would happen?
- Do you have private email or text messages stored on your phone?
- Do you receive push emails without entering a password every time?
Are you a system or web site administrator with mobile remote access?- Do you have remote mobile access to business documents via a Virtual Private Network?
- Do you do your banking or share trading from your mobile?
- Do you keep a file with all of your usernames and passwords?
- Do you have photos or videos which might make you the subject of embarrassment, ridicule, blackmail or even prosecution?
If you’ve set your phone up with automatic password authentication (let’s face it, entering a password on a mobile is a real pain), you are asking for trouble. If you are used to the convenience of letting your desktop "remember" your passwords, keep in mind that auto-saving passwords on your mobile device makes you particularly vulnerable. Your desktop computer is at least protected by a locked physical door and a master password when you log in; but being lax about mobile security is a different matter. 
This is not just a security headache for you – it can have major flow-on effects for your system administrator and your business.
To complicate things further, the memory on your phone is solid state, stores a lot less than your laptop’s hard drive, and rarely comes with effective memory cleansing. If your phone becomes the subject of forensic analysis (whether by investigators or hackers), chances are that there’ll be traces of usage history and passwords left behind. And that can open you up to all sorts of trouble.
So before you migrate all of your business operations to mobile devices, stop and think. If this gadget goes missing, what will be the consequences?
Dr Matthew Sorell is Senior Lecturer in Telecommunications and Multimedia Engineering at the University of Adelaide. He is also General Chair of e-Forensics – the annual international conference on Forensic Applications and Techniques in Telecommunications, Information and Multimedia, and an associate editor of the International Journal of Digital Crime and Forensics.
____________________________________
Dr Matthew Sorell is a guest blogger of our "e-Secuity & Small Business" forum which is part of the National e-Security Awareness Week, an annual initiative aiming to raise awareness about the importance of e-security among Australians.
To learn more, visit http://www.staysmartonline.gov.au/ today.
To find out about how to protect your business and your customers and stay safe when working from home, go to http://www.staysmartonline.gov.au/small-business-security, or sign up for the following free services:
__________________________________________
