news / tech talk

Smartphone Data Security

by Lee LeClair
01/15/2010
As seen in Inside Tucson Business

As most people know, there is a continuing progression going on as humanity moves from vanilla mobile telephones to smartphones like migratory birds. RIM Blackberrys (or Crackberrys) got things moving in the corporate world and of course the iPhone set the consumer market on fire. Palm has the Pre and Google has an ever growing armada of Android based smartphones not to mention Microsoft's floundering Windows Mobile and many other systems and variants. Smartphones are really micro-computers with enhanced communications functions that happen to include mobile telephony and their use is growing at an amazing pace with major warfare in the commercial market. Kids use them for incessant texting, adults too (if only to communicate with their kids) plus email, web browsing, address books, appointments, music, pictures (taking and viewing), games, and so on. The library of applications is always growing, luring people away from "plain old" mobile phones and even their computers.

This migration to smartphones has made them a part of our lives with roots extending into many aspects of lives including personal and business email accounts, contact lists, and even storage of sensitive information like login/passwords for bank accounts, online accounts, ebay accounts, etc. While most business users still travel with their laptops, many have gone to netbooks or tiny sub-notebooks bolstered with their smartphones. The smartphone has become the communications workhorse but, still lacking the ergonomics and power to run office applications, a netbook is often "good enough" for travel needs.
This is fine as travel becomes lighter and more comfortable; the smartphone keeps one in contact with friends, family and the office without hunting down a power outlet, wireless hotspot, etc. and then unpacking a bag. Its always on and always in touch; read the news, get texts, check your mail, it's great right? Mostly, but what if you lost that smartphone or it is was stolen? It is small and could slip out of your pocket or your "holster" could be knocked free of your belt or bag in the hectic rush of travel. What then? What information could someone glean from your lost device? Have you enabled the locking feature or was that too inconvenient? Is your and your company's email safe? Your email and telephone contact lists? Lots of people I know store PINs, login/passwords, and a lot of other data that they do not want to memorize on their mobiles.

These issues are hitting businesses as well as individuals. Folks who have lost their smartphones often wail "I had my LIFE on there!" Obviously, you can also see the business impacts of that as well. Most businesses therefore require their sales staff to backup their rolodex to a PC or even central server on a periodic basis just to ensure they don't lose one of their more coveted assets. Whether for your personal life or for your business, you should have a plan of action for the loss/theft of your smartphone. A prioritized series of steps you take similar but more involved than when you lose your wallet. For a wallet, you first cancel your credit cards (keeping your cursing under your breath) and then try to figure out when you can get a duplicate driver's license and you are nearly done.
For a smartphone: notify your provider about the loss/theft, notify your business IT department (if it is a business asset), change all the email account passwords for which you had connections on your smartphone, change all the login account passwords for which you had passwords stored in memory, hope that the password protected encryption program you used to safeguard stored PINs, passwords, etc. is tough enough to withstand an assault or go about changing those too if you can, rely upon your frequent backups of data from your smartphone to re-populate a new smartphone. You did have a password protected encryption program to store sensitive info like passwords and PINs, right? And of course you performed frequent backups to a service, pc or some other system for your contacts and other info, right? If you have done everything right, then the best someone can do is try to re-use or resell the hardware rather than pillage your accounts.
Often one does not appreciate the impact of a lost asset until it is already gone. Whether for yourself or your business, think through what you should do now to protect the information on your smartphone and/or the information your smartphone can access. If you store sensitive information like PIN codes, passwords, etc. on your device, then research a reputable encryption program to protect it. Finally as with all data, back it up on some repeating basis that you can live with and then enjoy that smartphone because they really are convenient.

Lee Le Clair is the CTO at Ephibian. His Tech Talk column appears the third week of each month in Inside Tucson Business