Symantec employees lost 50 cell phones. Did not find?

So in life it happens, sometimes mobile phones are lost. So our employees also lose their phones. Recently lost 50 pieces. Almost one day.



If among our 20,000 employees, 50 lose their mobile phones, then this is generally, albeit with a stretch, but it fits into normal statistics. Only one thing is unusual - before losing, they installed a special software on them. Read under the cat how it was.
')
So, you guessed it, we lost these devices not by accident, but quite intentionally. Before this, some preparation was made. First, software was installed that allows you to track operations with this phone - first of all, to see what data was viewed on it. GPS tracking was also carried out to see if the phone was transferred to the police station or resold. Previously, the device was loaded with information of both personal and business nature - personal photos, applications for online banking, e-mail, files like “payroll list of company X”, etc.
In addition, the phone had contacts of its owner so that the finder could return it to the owner.

Further, the phones were scattered around the crowded places of major US cities and waited




So, what data we obtained at the output:

1. 50% of those who found the phone contacted the owner to return it. Accordingly, the other 50% did not want to return it.
2. On average, 10 hours after finding the new owner began to view the data in the phone
3. 6 out of 10 looked into the accounts of social networks
4. 4 out of 10 tried to use online banking
5. 89% viewed personal information, 83% - corporate, 70% - all
6. Total 96% viewed phone data. That is, even those nice people who returned your phone, rummaged in it as it should.

In this regard, valuable tips:

To users:

• Put the password on the phone. On some devices with touchscreen, you can put a password with a pattern (“draw to unlock”), if you prefer
• Use security software for smartphones. It can help prevent theft and access to information, establish the location of the phone, block it remotely or clear it
• Be alert and do not leave your smartphones unattended.
• It is advisable to equip your phone with any distinctive feature, so as not to be confused with someone else's phone of the same model. This could be, for example, a sticker or keychain.

Companies:

• Develop and apply strict IB policies for employees using mobile phones for work, incl. regarding password protection. Mobile security tools and mobile device management systems can help;
• Concentrate on protecting information, not just on protecting devices;
• Educate employees to secure mobile devices, discuss the associated risks and consequences that may occur if you lose a device;
• Keep an inventory of mobile devices that have access to the company network. It is impossible to protect that which you do not know;
• Formalize the process of actions required in case of loss / theft of the device;
• Integrate security and mobile device management into a common information security system and fleet management of corporate computers. They need to be administered in the same way as any other computer.

a detailed report on the project "Lure on the smartphone" can be found here (in English)