Help Desk Headaches: Customer data loss

help_deskHere’s an unpleasant help desk scenario for you to think about: You get a help desk ticket from the marketing manager saying I lost my phone. I think it may have been stolen. The phone had confidential customer data on it. It’s going to be a long day.

You find out the manager had used his phone the evening before to download an email attachment: a spreadsheet containing the company’s top one thousand customers based on purchases connected to their loyalty card accounts. Mr. Responsibility left his unlocked phone at the restaurant where he was eating last night, and it’s nowhere to be found.

Now what do you do?

You start by asking questions to determine the level of exposure. Did the manager use a PIN to secure his phone? No, it took too long to enter the PIN, so he used a simple swipe. Was the phone encrypted? Encrypted? What’s that? Did he have any security software installed that would allow him to remotely lock, locate, or wipe the phone? He was thinking about installing something like that, but he hadn’t gotten around to it yet. This is not good.

Now you’ve got to escalate. You update your boss, the IT director, who recognizes the severity of the incident and notifies her manager, the COO. Your boss then spends the rest of the day in meetings with senior executives, the general counsel, and PR. She is not going to be happy.

You end up in several of the meetings, attempting to answer unpleasant questions like:

Didn’t the company have security for mobile email?

Yes, they had secure access to the mail server, but that didn’t protect the data once it was on someone’s phone.

Didn’t the business have policies about this?

Yes, but they had no way to enforce them.

If this potential disaster is giving you the sweats, there’s a way to make sure this never happens to you.  Sophos Mobile Control makes mobile device management easy.

Sing up for a free trial today at Sophos.com/mobilecontrol.

Leave a Reply

Your email address will not be published. Required fields are marked *