Posts

iPad & Tablet Users Asking for Identity Theft

The identity theft and corporate data risk problem isn’t limited to iPad users – it affects all Tablets – but iPads are leading the way. With the rapid increase in highly powerful tablet computers, including the Motorola Xoon and Samsung Galaxy, a new survey is urging users to beware of the risks. Harris Interactive just released a study showing that tablet users transmit more sensitive information than they do on smartphones and are considerably less confident of the security protecting those tablets.

The survey shows that 48% of tablet users transfer sensitive data using the device while only 30% of smart phone users transfer sensitive information. The types of sensitive data included credit card, financial, personal and even proprietary business information. Many factors contribute to the increased risk:

  • Users initially bought tablets as book readers and web browsers, but have increasingly added to their functionality with new Apps.
  • Tablet computers are in their infancy and haven’t been equipped with the same security features as laptops and desktops.
  • Corporate users haven’t yet been trained on securing the data on tablets.
  • Tablets are more capable than smartphones, making it a natural laptop replacement, but without the robust, time-tested security.
  • Indiscriminate App downloading (covered in detail in the Smartphone Survival Guide) greatly increases chances of accidentally loading malware to your tablet.
  • Many companies buy their employees tablets rather than laptops because they are less expensive, more mobile, and have similar capabilities. Unfortunately, they are failing to consider the increased risk posed by the trendy computers.

If you are using your tablet like a laptop (email, accessing bank accounts, transmitting business documents), take the following minimum steps:

  1. Turn on password protection to get into the device.
  2. Enable remote tracking and wiping capabilities in case the device is lost or stolen.
  3. Utilize secure wireless connections only (not free WiFi hotspots in cafes, airports and hotels) to eliminate signal sniffing.
  4. Limit the data you store and transmit on your tablet until the security features have caught up with the functionality.
  5. Physically lock up the device when not in use. Never leave it on the table at Starbucks like someone did in the photo to the right.

Tablets are a slippery slope – they make computing so user friendly that you start to think it’s a friendly computing world out there. Unfortunately, cyber criminals and your competitors have a different idea. Don’t wait to find out what they can do with your private data.

John Sileo trains organizations to protect sensitive data, including that exposed on tablets, smartphones, laptops and social networking sites. His clients include the Department of Defense, Pfizer, Homeland Security and organizations of all sizes. Learn more about bringing in a Data Security Speaker or contact John directly on 800.258.8076.

Using the iPhone 4 to Spy on Competitors

Steve Jobs unveiled Apple’s new iPhone 4 on June 7 in San Francisco. While the new features keep the iPhone at the forefront of technology, they also cause some privacy concerns.

One concern that carries over from previous iPhone models is the Always-on iPhone Apps that track your every move through the GPS navigation system. Back in April, Apple began allowing location-tracking applications to run in the background.  So, for example, companies like FourSquare, Yelp, and Facebook can continuously track your location, providing automatic notifications  to your friends when you are less than 1/2 mile away from them, if you allow them.

For example, I just had a highly confidential client meeting at the client’s corporate headquarters. To the  uninitiated, that means that the company I was visiting is probably having data theft issues (and has brought me in to help). If the media finds out that they are having these issues before the company has had a chance to start the damage control process, their stock will drop far faster than if they have prepared for the news to go public. If Facebook or FourSquare is broadcasting my whereabouts, my followers already know which company is having the problem, their competitors know it (if they are following my GPS broadcasts), and the media sits and waits for me to enter the building. Luckily, I’m not well-known enough for anyone to care, but just in case, I don’t broadcast my whereabouts. Other, far more influential people, do so without thinking twice about it. Which goes to show you that there are ways to utilize all of the cool new technology without letting it control you. With the right knowledge, you can take control of how your information is utilized.

Apple does realize the privacy concerns with location tracking and gives users a way to control how much information is shared.  When you open an app, the top bar will show a little arrow in the right-hand corner, indicating location awareness (pictured to the right). There will also be a dashboard where you can toggle location-tracking permissions on and off for different apps. Regardless, this means that more companies will have access you your location than before.

High-definition video is a second tool that will be used by data spies. What could be easier than for an identity thief to pretend they are on the phone as they are actually filming you typing in your ATM PIN in front of them? Why does iPhone 4 change the game? Because Hi-definition means that they can stand further away and still get high quality video with which to read your data. A simple sweep of an office desk, a client file, etc. with high definition video gives me all of the documents I need to learn more about your company. Think of it as a spy camera that provides thousands of pictures a minute and is hidden as the most ubiquitous device on the planet – a cell phone. It’s a powerful tool both for good and bad.

There is no silver bullet solution to the new problems posed by GPS and Hi-Def video. As we teach in our Privacy Survival Boot Camps, what is required is an integrated privacy plan that implements some of the following steps:

  • Social Networking and GPS proper usage guidelines to make users aware of the consequences of their actions using these tools
  • Classification systems and clean-desk policies (so that a confidential document isn’t left out on the desktop to be filmed in the first place)
  • Access privileges (to keep non-authorized personnel from accessing sensitive areas)
  • Employee fraud training (to make everyone in the company aware of these issues and give them more detailed tools to protect themselves and the company)

The iPhone 4 is a wonderful business tool that will drastically increase the productivity and connectivity of the workforce. But like any powerful tool, it can be used for dishonest purposes. The first step is to educate yourself and your staff on how these tools can be used, for good or evil.

John Sileo is the award-winning author of Stolen Lives and Privacy Means Profit (Wiley, August 2010), a professional Financial Speaker and America’s leading identity theft expert. His clients include the Department of Defense, FTC, FDIC and Pfizer; his recent media appearances include 60 Minutes. Contact him on 800.258.8076.