Data Breaches on the Loo
Hendrik Parmentier
As the person responsible for ICT, it’s impossible these days to show your face and NOT be gunned down with snazzy compliance acronyms, bravely wielded by an army of hopeful salespeople. While the General Data Protection Regulation isn’t actually the terrible and incomprehensible monster people would like you to believe, it DOES stress one really, really important piece of advice:
Keep your important data to yourself.
And there’s no difference between company-critical patent files, the medical history of your entire staff or a really long list of customers and their credit card info. Keep it safe, don’t lose it and don’t give it to strangers. Which brings me to my next point.
I visit a lot of companies. Inadvertently, that means I visit a lot of restrooms, too. They’re the bane of many a smartphone, since a lot of them find a watery death at the bottom of the bowl. Apart from that, if I wasn’t the exact opposite of a cybercriminal, I would probably be rich. Because a lot of people use their cell phones while they’re answering nature’s call. Which results in me finding about three cell phones a year on the lavatory. And about two out of three aren’t properly locked. Good times. The last one was from a guy named David and I’m pretty sure that Chantalle was not his wife.
Do you know what company data is stored on or accessible through your coworker’s cell phone? Apart from all your customer contact information, your CRM app also accesses your entire commercial database, what everyone is paying and what your margins are. There’s probably also a link to your server for accessing private files, development details and maybe some really Big Data. And if that’s not bad enough, there’s a lot of personal stuff on those phones, too. From social media and dating apps to private banking tools and maybe even a couple of photographs you don’t want the world to see.
Don’t be naïve. These are data breaches and very dangerous ones at that. Data from lost and stolen mobile devices DOES get harvested and IS sold on the dark web. Examples aplenty. A 2016 study by Kensington calculated that 4.3% of all mobile devices a company owns get lost or stolen. Yearly. They also figured out the total real cost per lost device, counting the new device, loss of productivity, loss of intellectual property and privacy fines. It’s €41,500.00. Per device. That’s €178,450.00 per year for a 100-employee business.
So: protect your bloody mobile devices already, will you? Make your employees aware. Put a hosted antimalware solution in place. One that has a remote lock & wipe feature. Some mobile device management as well. Does everyone really need all those apps on their company phones and tablets?
Now that you’re all warned, next time I find a phone, I might be tempted to give Chantalle a call. She looked reeeaaally friendly.