Discarded phones present data leak risk
Becky Frith, August 12, 2015
Employees could be unwittingly leaking their workplace's data when disposing of electronic devices, according to research from Proven Legal Technologies.
The firm purchased four random smartphones on eBay, each from a different UK seller. When analysed, company data that had previously been ‘wiped’ by their former owners was present.
Items detected included confidential business records and valuable intellectual property, colleague and client contact details, and web searches and location data.
Phil Beckett, a partner at Proven Legal Technologies, said that companies and individuals must be aware that pressing delete is simply not enough. “Businesses of all sizes are vulnerable to confidential data loss, and given the vast amount of information housed on corporate devices these days, this could result in some very serious problems,” he said.
“Our research shows that even smartphones that have previously been ‘wiped’ are still at risk. This should act as a call to action for businesses to take precautions around BYOD (bring your own device to work) schemes, and keep a close eye on where confidential information is being stored and sent; educating themselves, and employees, of the dangers.”
The top five items detected on ‘wiped’ devices were:
1. Documents and files: Between the four smartphones, 1,531 deleted files and documents were recovered, many of which contained confidential business records and valuable intellectual property.
2. Messages and calls: The four phones had 1,391 calls, 442 SMS, and 438 emails tracked and stored on them, which could leave a company open to fraud through providing access to corporate communications and details.
3. Contact details: Contact details for 54 people or organisations were located on the smartphones, with a further 10 that no-one had attempted to wipe. Proven Legal Technologies highlighted that colleagues and companies could be put at risk by criminals using phone numbers and email addresses to target their victims.
4. Private information: The previous owners of the four analysed phones unknowingly made their web searches and location data accessible, with 351 search histories stored, and 525 instances of deleted location recovered.
5. Images: More than 33,000 images were found on the secondhand devices, which could potentially compromise a company’s reputation if they are of a personal nature and fall into the wrong hands. Almost two-thirds (66%) of the pictures recovered had not been deleted.