Business iPhone users could spring security leaks

4 Jul 2008

Businesses already beset by the security threat of lost or stolen laptops will have another spectre to fear as executives toting snazzy consumer devices like the iPhone fail to encrypt them, making them easy prey to eagle-eyed thieves.

Earlier this year, Ireland was rocked by the loss of a laptop in New York belonging to the Irish Blood Transfusion Service, which contained details of 175,000 individuals.

This was compounded by a further revelation that a laptop containing 31,500 customer details belonging to Bank of Ireland was stolen, with over a six-month period elapsing before the bank made details of the theft public.

Every year, thousands of phones and laptops go missing or stolen, whether executives leave them on planes or trains or even in their cars as an open invitation for theft.

Often, for publicity purposes, firms don’t report the loss or theft of laptops and when a phone goes missing, many don’t consider it significant.

However, phones are now coming with increased computing power and data storage, not to mention a live feed of push email. In the hands of criminals, the impact on an organisation could be devastating.

Some organisations are already getting proactive. For example, the Department of Foreign Affairs has banned the use of BlackBerry-type devices. Many of these devices have live email feeds but operate outside of the corporate firewall.

Rene Hamel is a security expert from KPMG with a career which extends over 16 years of criminal investigations, including white-collar crimes and forensics for the Royal Canadian Police.

He has warned enterprises that companies spending a lot of money on firewalls to keep hackers out are overlooking the threat of data loss by careless employees, who may leave themselves open to data theft or loss.

New devices like the iPhone are not only attractive consumer devices but are also being viewed as future business devices for receiving email and working on the move given their ability to share presentations and conduct e-business.

According to Gartner, some 35pc of North American firms are currently trialling iPhones for deployment among executives.

Because of their snazzy nature and the hype surrounding them, such devices are a glittering prize in the eyes of thieves. Hamel warned that astute organisations should be focusing on technologies like encryption to safeguard iPhones and similar devices.

“It’s a potential disaster. Companies spend a lot of money to protect their assets. The biggest threat today is not so much hackers but laptops assigned to employees who connect remotely. Many are failing to encrypt these devices.

“BlackBerry devices can be encrypted and if you lose one there’s very little chance you’ll recover information from it. The iPhone will have to do the same thing. There’s a lot more information on them, anything between 8GB and 16GB. I would hope that businesses considering using them have studied the encryption situation,” Hamel said.

By John Kennedy

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years