The Tech Herald

RSAC 2012: Lost or unclaimed devices pose risk to corporate data

by Steve Ragan - Mar 5 2012, 14:00

Lost or unclaimed devices pose risk to corporate data. (IMG: J.Anderson)

After a long week of meetings and tradeshow fun, it’s time to catch-up on missed emails and sort the vast amount of business cards that were collected during the 2012 RSA Conference. Still, some of those who were in California for RSA are scrambling this week, because they left something behind.

One of our meetings last week was with Credant Technologies, a vendor that specializes in data protection. Part of our discussion centered on the risk posed by lost mobile devices, which is anything from USB drives, to laptops and tablets filled with company data. At the time of our meeting with them, Credant had just released the results of a study they did with the hotels serving the conference. Naturally, after reading their research I was reminded of my own security incident involving a lost device in 2011.

[For the curious, the recap of my personal failure is here.]

Focusing on major hotel chains in San Francisco, such as the Four Seasons, Hilton, Holiday Inn, Marriott, and Ritz Carlton, Credant learned that some 2,300 mobile devices are unlikely to make the trip back from the world’s largest security conference this year.

One Union Square hotel chain reported that more than 90-percent of the devices discovered in guest rooms, the bar, or lobby are never claimed. On average, the number of unclaimed devices hit about 45-percent.

Interestingly enough, more than 70-percent of the lost devices are last seen in the Union Square and Financial District area (were many of the common RSA-related hotels are located).

“Protecting data on mobile devices eliminates the long term consequences potentially associated with lost or stolen devices,” said Darren Shimkus, the senior vice president of marketing for Credant.

But another point not mentioned by the survey is that while most of the device owners never reclaim their lost items, it’s possible that someone else can.

It isn’t hard to get a hotel employee to check the lost and found for items with little more than a basic description. For example, more often than not, asking for a known brand or basic description is enough to get them to check and hand something over.

Exploiting the human desire to help is one of the fundamental basics to social engineering. Hotel staffers are trained to assist guests and potential guests. Thus, they’re eager to please, and if the back story is sound enough, a stranger could easily claim those lost devices for you.

Around the Web

Comment on this Story

comments powered by Disqus

From Autosaur.com

300 Miles From One Gallon And No, That’s Not A Typo

Imagine you’re in a bar and a guy walks up and asks if you’d be interested in buying a car t...

2015 Nissan Pathfinder Prices and Specs

Nissan has announced pricing and specs for the 2015 Nissan Pathfinder. The SUV, which is on ...

Miami ePrix Circuit Revealed

The FIA Formula E Championship has revealed the layout for the Miami ePrix circuit. Formula ...

Two DeLoreans And A Replica Jaguar C Type On Scottish Classic Car Run

The Kirkintilloch & District Classic Vehicle Club’s annual run to Glencoe in Scotland is...

NBA All-Star LeBron James Teams with Kia

NBA All-Star LeBron James has signed a deal with Kia to be the company’s first luxury ambass...