To carry out the research, 30 smartphones were “lost” in three Brazilian capitals – São Paulo, Rio de Janeiro and Brasília. The mobile devices used were modified so that the company could remotely monitor everything that people did with the devices, such as phone calls, access to applications, documents and photos, for example.
The Honey Stick experiment found that 90% of the lost smartphones had personal and professional data accessed by the person who found them. In only 27% of the cases, there was an attempt to return the cell phone, which does not imply the absence of previous access to data or other functions unduly.
The research was conducted by security researcher Scott Wright of Security Perspectives Inc. and also revealed that, once lost or stolen, there is more than a 50% chance of the equipment being attempted to breach corporate data and networks. That's why it's important to ensure the protection of information stored on mobile devices, whether personal or corporate. Mainly because even if phones are replaced, the data stored on them could be at risk.
The national version of Honey Stick also verified that:
- 83% devices were accessed to obtain personal information and use private applications. For business information and work applications this number drops to 53%;
- 47% of the equipment were accessed to obtain both information – personal or professional of the individual;
- On average, once lost, the phone took about three hours before it was accessed for the first time.
- 70% showed access to private photos and 47% on social networks and passwords;
- 40% reported attempted access to banking services; 37% in salary sheet; and 30% in corporate emails.
To keep information safe on mobile devices, Symantec provides tips for safe behavior:
1. Use the screen lock feature and set complex passwords: This is the most basic precaution and requires minimal effort on the part of the user and can be recommended by companies that encourage BYOD (Bring Your Onw Device, bring your own equipment, in Portuguese);