Migrated from eDJGroupInc.com. Author: Greg Buckles. Published: 2015-03-31 20:00:00Format, images and links may no longer function correctly.
Several years ago a good friend still in law enforcement shared the disturbing trend of international hackers buying used corporate smart phones for their stored credentials. Most of my clients have implemented basic BYOD security requirements that ‘can’ limit the damage from a lost, stolen or sold smart phone packed with customer PII, confidential pricing data or worse. A Buzzfeed story popped up in my search feed that shows the lighter side of unsecured smart phones. It is a warm and fuzzy tale that includes gobs of pictures and stored iCloud credentials that is worth a quick read. After you have recovered from your emotional sugar coma, let’s look at how easily this story could have turned dark and scary.
The author’s iPhone was stolen and he never thought to remotely wipe it or change his service passwords until Chinese selfies started appearing in his iCloud photos. As corporations start to pilot and migrate to Office 365, Google Docs and Amazon Workmail, users demand single sign on and stored credentials on their mobile devices. No one wants to type a case-sensitive, 8-digit password that includes numbers every time email, Jabber, Yammer, FaceBook, etc pings. They proudly share their favorite hacks that bypass cumbersome ‘best practice’ security protocols. So enjoy the cross-cultural tale of unexpected connections from international crime rings, but imagine the potential havoc a hacker could wreak with an unencrypted executive smart phone or tablet.
Greg Buckles wants your feedback, questions or project inquiries at Greg@eDJGroupInc.com. His active research topics include analytics, mobile device discovery, the discovery impact of the cloud, Microsoft’s 2013 eDiscovery Center and multi-matter discovery. Recent consulting engagements include managing preservation during enterprise migrations, legacy tape eliminations, retention enablement and many more.
Blog perspectives are personal opinions and should not be interpreted as a professional judgment. eDJ consultants are not journalists and perspectives are based on public information. Blog content is neither approved nor reviewed by any providers prior to being posted. Do you want to share your own perspective? eDJ Group is looking for practical, professional informative perspectives free of marketing fluff, hidden agendas or personal/product bias. Outside blogs will clearly indicate the author, company and any relevant affiliations.