Cyber Safety: A Look At The Symantec Honey Stick Project

Monday, November 14, 2016 10:30 am, Posted by Absolute Destruction

We’ve all felt that momentary feeling of panic when we can’t find our smartphones. It’s usually short-lived after a frantic search reveals it in an unlikely place, like the top of a bookshelf or between two couch cushions, but not all of us are so lucky. Sometimes, our carelessness isn’t confined to the home, and we end up leaving behind our Androids or iPhones in coffee shops, restaurants, and a variety of other public places. If we don’t notice the absence immediately and double back to the last place we used it, there’s a chance a stranger may snatch it up. Unfortunately, it’s not just the loss of a costly phone and all of your photos you have to worry about, as a recent experiment conducted by Symantec has revealed. For those who use their devices for work, it can result in damaging identity theft.

Symantec is a world leader in cyber security and is the organization behind Norton Anti-Virus. The security company is known for its annual Internet Security Threat Reports that analyze the different kind of online breaches that occur. Back in May, we took a look at their breakdown of 2015; however, Symantec intermittently produces other reports and studies on the status of security. Today, we’ll look to a report they’ve called, “The Honey Stick Project”.

Conducted in 2014, the Honey Stick Project involved the release of 60 unprotected smartphones in 6 cities across Canada, including our very own Toronto. Each device was loaded with simulated corporate and personal data, as well as a way for Symantec to monitor how they were used if they were found. Their results may surprise you. An astounding 93% of phones were accessed for data once discovered — but not necessarily with good intentions. In 90% of cases, the device was accessed for data other than the owner’s contact information, while only 55% of these cases ever attempted to make contact with the owner to return their device.

Let’s take a look at a breakdown of the numbers to see what kind of information was accessed in these unprotected phones.

  • It took an average of 0.75 hours for a smartphone to be found and accessed.
  • 83% of all phones showed access to personal apps and data, which included photos, online banking, webmail, and social media.
  • 63% of phones showed access to corporate apps and data, which included HR cases and salaries, corporate email, and remote administrative apps.

The findings highlight the need for security protocols for smartphones. Without it, a lost and unprotected phone poses significant risk to personal and corporate privacy. People (even Good Samaritans) are naturally curious, and they will access applications with sensitive financial and intellectual data if they can. That’s why it’s important to install essential security measures on devices, especially if they’re used for work. These measures — such as passwords, encryption, and remote ways to lock or wipe the device — are the only way to prevent access to confidential data.

Hoping a phone will never get stolen or go missing simply isn’t enough precaution. Sometimes, despite our best efforts, we lose the very thing we try to protect — in which case, it’s better to be prepared for the worst case scenario. Follow the appropriate security measures for personal and corporate devices, and don’t forget to destroy them properly when you’re ready to upgrade.

Our electronics act as a doorway to confidential information. Don’t give anyone the key by leaving it unlocked. Take the appropriate steps to secure it throughout its lifetime (and when you’re ready to throw them away), and you can keep your personal and corporate data private — the way it should be!

© 2018 Absolute Destruction. All rights Reserved.