Symantec intentionally “lost” 50 smart phones in several urban centers to see what would happen.  The results are unnerving.

Of the strangers that found the phones:

  • 96% tried to access information on the lost phones
  • 89% tried to access personal apps or information
  • 83% tried to access corporate data
  • 50% returned the phones to their owners

The basic message is that lost phones are data free-for-alls. Whatever information is not locked down will likely be compromised.

This is challenging enough for IT departments that own the phones. Wiping lost devices remotely is possible, but time is critical. By the time the loss is reported it may be too late.

Even more challenging is protecting corporate data on phones that the company does not own. Bring Your Own Device (BYOD) policies mean that IT is no longer able to wipe the entire phone. They do have control of the data, though – or should. As Symantec says, this is a new minimum requirement for information security.

How does IT regain control of their data?  They need to think from the data’s point of view, and figure out how to maintain control of content wherever it goes, independent of networks and devices. It requires changes to corporate policy, but also persistent data protection that travels with the data. Technologies are now surfacing that do this.

Getting back this basic control of information is going to be critical for businesses, given the trajectory of mobile data usage. IT can’t afford to react after-the-fact as issues like these increase in frequency and impact.