by Paolo Sartori
Mobile phone theft is on the rise in Great Britain, especially in bustling cities. On the London Underground system alone, phone thefts have risen by 25% in the past year with an average of twelve people being pickpocketed each day. This could be due to the fact that we are using our phones for an increasing number of things, meaning that it is often in our hands and not in a secure place. A phone may have originally been for making phone calls, but it now has the ability to play music, pay for parking and send out emails.
An increasingly common crime is moped enabled phone theft. Here, an unsuspecting victim will be using their phone to for a day-to-day activity such as paying for parking via an app or listening to music. The moped driver will then come riding alongside the phone user and will snatch the device before speeding off. Between 2017 and 2018, the Metropolitan police were called to 430 moped-enabled crimes a week. The year before, in 2016, 446,000 Brits had their phones stolen including, Home Secretary, Sajid Javid.
An investigative piece in The Sun found that stolen phones are frequently sent to Eastern Europe where criminal gangs strip the phone of any valuable data. This data is then monetised and sold between various cyber-criminal gangs. Once the phone has been wiped it is sent to countries across the world such as Nigeria where the phone is sold in shops and markets to innocent customers who are unaware of the journey that their new phone has been on.
When our phone gets stolen, we often think of how it immediately affects us with the loss of treasured photos, saved messages and the cost of buying a new handset. However, what we don’t consider are the legal implications for ourselves and our employers. With nearly half of all emails being read on mobile devices throughout the world, employees are reliant on their phones for sending work emails and storing work contacts, regardless if they are work-specific or personal handsets. If someone loses their phone, whether it’s stolen by a thief on a moped or left on public transport, and it has a work email account on it, then that company’s data has been breached and they have 48 hours to take action before they face costly consequences. This could be a huge issue for employers.
If your phone is stolen and that phone has any work information on it, even if it is just a work contact’s email address, then you have a duty to inform your employer of the lost phone. They need to then report this breach to the Information Commissioner’s Office (ICO).
Failure to disclose a GDPR breach to the ICO can result in a fine of up to £20 million or 4% of the company’s revenue, whichever is higher.
On the ICO website you can fill out a self-assessment form to see whether you need to report a breach to the ICO. If it is deemed that you need to report the breach then it is important that you can include as much detail as possible. The ICO will want to know when the breach happened, how it occurred, when it was realised to have occurred and the steps that the company have taken to rectify it.
People don’t bat an eyelid when they use work emails on their phone, but employers need to seriously think about how their employees use work data on their phones. Businesses and individuals alike need to be planning ahead of thefts and losses and the ensuing data breaches in terms of ensuring that their data is safe and secure for the future.
There are steps that everyone needs to take to try and stop their phone from being stolen. These include keeping it in a safe space on your person and preferably out of sight. As well as this, it is important that people are constantly aware of their surroundings so I advise that if you are walking around with your phone in your hand then do not also wear noise cancelling headphones so you can be aware of what is around you. It is imperative that people regularly back up their phones to ensure that treasured items are not lost, this also means that you will be able to know exactly what information was lost on your phone when reporting it to your employer and the ICO.
At TransWorldCom we suggest that companies utilise Mobile Device Management (MDM) software to secure and manage modern operating systems in a world of mixed-use devices. MDM software ensures that corporate information can be secured wherever it lives, while preserving the sanctity of employee privacy. This is regardless of whether the device is owned by the company or is a personal handset. This is often overlooked, but it could be a costly mistake if both businesses and employees do not take the appropriate action.