There was an interesting article on the BBC Website last week about what happens to your email accounts, social networking accounts and other data after you die. In particular, how your next of kin get access to passwords so that they can access all that data that you hold in the cloud. Today also sees the launch of yet another social networking type site, with Google’s new Wave service, which aims to bring email, instant messaging, chat and third party apps together in one big happy family. Hnmmm, isn’t that what Facebook does?
However, one thing that rarely gets mentioned is the plethora of data that each of us now carry, or have access to, through mobile devices, such as mobile phones and PDAs. Whilst (the lack of) encryption of mobile devices used by the public and private sector is becoming an almost daily news event, how often do you hear about protection of personal, non-work, mobile devices, which are almost always unprotected?
You may think that there isn’t really anything to protect here. But consider this. If you have an iPhone, iPod Touch, Blackberry or other “smart” device offering access to the Internet, it’s likely that you can access your email account, social networking account, contacts and other personal information without needing to enter a password – you simply load up the relevant app and will be logged straight in. The Internet browser may also have saved website passwords. As the app market matures, it is likely that banks will start offering Internet banking apps that allow you to access your personal bank account through your iPhone or Blackberry. We may also see apps allowing access to NHS and other sensitive records and services. The “Internet in your pocket” isn’t just marketing fluff.
But what happens if your device is lost or stolen? As well as the inconvenience of losing your device (and any data on it that hasn’t been backed up) and people spamming in your name, you will probably need to reset all the passwords for your email and other accounts. There’s also a reasonable risk of identity theft in one way or another – whether it be people hijacking your email account, attempting to access your bank or credit card account, or buying things through Amazon with your saved credit card details. If you have been negligent in protecting your account (or card number), it is likely that a bank would take a dim view of any loss suffered – have a look at your online banking ts and cs. Other organisations are likely to take the same view.
Most devices tend not to come with their security features activated. One of the easiest things to do to reduce this risk is to regularly back-up your device and activate the main password protection function on the device. It’s a fairly simple step, but it is amazing how many people don’t use it. On the iPhone and iPod Touch, you can also set the device to erase all data on it after ten failed password attempts.
Whilst this protection may not stop a determined hacker with time and specialist software at his disposal, it may stop the average phone thief from easy access to your data.