Mobile devices lost in London underline security risk

Businesses are being urged to recognise the potential security risks of lost mobile phones and computing devices in the latest report from think tank Parliament Street.

According to the report, 25,690 mobile devices were lost on tubes, trains and buses in London between April 2017 and April 2018.

The report warned that lost mobile devices pose a risk for UK businesses, in terms of fraudulent activity, identity verification and data security.

The report, entitled Identity crisis: The risks of personal device security, revealed that the most often lost device was mobiles phones, with 23,453 handsets ending up in lost property over the course of a year.

Mobile phones represent the greatest risk of identity theft to individuals and important data loss to businesses, the report said.

Laptops represent the next most commonly lost device, with a total of 1,155 lost, followed by tablet computers, with 1,082 devices lost.

Barry Scott, CTO for Europe at identity and access management firm Centrify, said that with tens of thousands of electronic devices going missing every year, businesses need to wake up to the fact that fraudsters will be attempting to gain access to critical information through lost or stolen devices.

“With cyber attacks increasing at an alarming rate, simple password-based security measures are no longer fit for purpose,” he said.

“Failure to take action acts as an open invitation to cyber criminals and hackers, who see lost devices as an easy way into a corporate enterprise”

Instead, Scott said businesses needed to adopt a zero-trust approach, verifying users, their devices and limiting access to the volume of data they can access.

“Failure to take action acts as an open invitation to cyber criminals and hackers, who see lost devices as an easy way into a corporate enterprise,” he said.

Robert Coleman, CTO for UK and Ireland at CA Technologies, said that with businesses investing heavily in purchasing and developing growing volumes of applications to improve employee productivity, the security threat posed by lost and stolen devices had increased dramatically.

“Apps without strong security protection can be an easy route into a goldmine of corporate data,” he said.

For this reason, Coleman said companies should ensure the applications which resides on employee devices are accessible only by the correct users, so that fraudsters cannot exploit them as a backdoor into the business.

Clive Longbottom, service director at Quocirca, recommended that companies consider creating corporate partitions on employee devices.

“This is needed so that the partition can be regarded as being ‘owned’ by the business, and can then be deleted should the device be stolen or lost, or when an employee leaves the organisation,” he told Computer Weekly.

Longbottom also advised companies to encrypt the corporate partition on employee devices so that no one can copy the data, and to use secondary security, preferably two-factor authentication, to gain access to the corporate partition.

By using partitioning, encryption and secondary security, organisations can reduce the security risk from stolen or lost mobile devices significantly.