Be careful what you store on your mobile device. It’s a long-held maxim that came more clearly into focus this past week following reports of a lost Apple iPhone containing nude photos.
According to a story in the Associated Press, Phillip Sherman accidentally left his iPhone behind at a local McDonald’s franchise in Fayetteville, Arkansas.
After he returned to retrieve it, he said he discovered nude photos of his wife that he’d stored on his iPhone had been illegally distributed on the Internet without his consent.
Now he and his wife, Tina, are suing the McDonald’s Corp., the franchise owner and the store manager for $3 million in damages, according to the AP, for “suffering, embarrassment and the cost of having to move to a new home.” The suit says that Sherman left the phone at the McDonald’s in July and that employees promised to secure it until he returned.
Whatever the outcome of the case, security experts say it’s another example of how unauthorized access and distribution of inappropriate or confidential content can ignite corporate brand disasters and data security headaches.
“Photos like nude shots of someone’s spouse are not the only sensitive data on a smartphone,” Tom Cross, IBM X-Force researcher, told InternetNews.com. The X-Force is a research group within IBM’s Internet Security Systems division.
“Users are carrying these devices everywhere as they use it for both work and life,” explained Cross.
Security measures and a backup plan
Whether the Arkansas incident bears out — there have been some online reports it’s a hoax — companies can learn several lessons, Cross said.
The first is educating users about keeping sensitive and personal data off the device, said Cross. While users will nod and agree about why it’s important, Cross said IT has to acknowledge that such data will end up on devices anyway and should put security measures in place as a backup plan.
Cross recommends strong password protection policies, including one that shuts down a device once it goes inactive for five or ten seconds. Such automatic locking will stop unauthorized access to confidential information, he explained.
“You have to put policies in place and manage those policies. It’s not just a matter of losing a $400 device. It’s the case of losing invaluable data,” he said.
The next step is instructing employees to notify IT immediately once a device goes missing. That way the smartphone can either be remotely locked or wiped clean. This could go a long way toward preventing such ‘iPhone nude woman’ scenarios, said Cross.
As the security expert noted, IT teams don’t have the time to check smartphones for inappropriate content such as nude photos. But they should make the time to put good security policies and management strategies in place, he said.