With the prevalence of mobile devices around the globe, securing the data contained on them has become an increasingly common challenge encountered by Kroll’s information assurance experts. Added to this is a company’s struggle to ensure that their security procedures keep pace with the dizzying array of new devices introduced into the corporate environment. Although many companies have implemented end-point security measures such as encryption on laptop computers, similar protection for other devices that leave the corporate environment are lagging behind. At conferences and meetings, we’ll often ask attendees: “Is the mobile device in your possession encrypted or, at a minimum, password protected?” On a good day, we may see 25-30 percent of the audience positively respond.

Why should companies be concerned? There are numerous threats that exist for today’s mobile devices. These threats include, but are not limited to the following:

1. Malware: Attackers are increasingly focusing their talents on developing malware targeting mobile device operating systems Forms of malware include: worms, viruses, Trojans and spyware. These can be used to steal sensitive data or carry out a targeted attack against other mobile devices.

2. Phishing scams: Phishing is a method of acquiring sensitive information. These data breaches can come in the form of links inside an email message, text message or even a social networking message or post.

3. Unlicensed applications: Only download applications from sites you know and trust. There are numerous unlicensed applications designed for mobile devices that may actually contain hidden spyware. This spyware can monitor your activity and even retrieve data from your mobile device.

4. Signal interception: This is also known as phone tapping or eavesdropping. Mobile device communications, specifically email and text messaging are capable of being intercepted.

5. Lost or stolen devices: Mobile devices are generally small and easy to misplace. Although most mobile device thieves are after the device itself, any sensitive data you have stored on the device may be compromised in the process.

Chances are you have a lot of personally identifiable information (PII) on your mobile device – for instance, are all of your contacts readily accessible? Do you have instant access to your personal and business email?

If the device is not secured, sensitive PII is now available to be seen by whoever has your mobile device. If the device is encrypted, or at a minimum protected with a password or PIN, the risk of data loss is reduced exponentially. Technology that enables remote wiping of mobile devices offers a further level of protection against data loss—provided the user quickly notifies corporate security of the device loss. While none of these protections obviate the need to report the loss, they do substantially reduce the likelihood of the data being accessed by a malicious attacker.

What You Can Do To Protect Yourself

1. Password protect your mobile device using a complex password

2. Encrypt the mobile device if possible

3. Enable remote wiping capabilities

4. Update the software on a regular basis

5. Install anti-virus software if available for your device

6. Disable Bluetooth and Wi-Fi if they are not being used

7. Avoid opening links to unknown websites

8. Do not open files that are attached to email messages where the sender is unknown to you

9. Do not join unknown Wi-Fi networks

by Robert Heller

Robert Heller is managing director of the Information Security, Forensics and Data Breach practice of Kroll. He oversees a team of computer forensics and information security experts. Heller’s training in electronic evidence preservation and analysis, and his work as a testifying expert in computer forensics, lends exceptional depth to Kroll’s position as a global first responder.