The Tech Herald

RSAC 2012: Lost or unclaimed devices pose risk to corporate data

by Steve Ragan - Mar 5 2012, 14:00

Lost or unclaimed devices pose risk to corporate data. (IMG: J.Anderson)

After a long week of meetings and tradeshow fun, it’s time to catch-up on missed emails and sort the vast amount of business cards that were collected during the 2012 RSA Conference. Still, some of those who were in California for RSA are scrambling this week, because they left something behind.

One of our meetings last week was with Credant Technologies, a vendor that specializes in data protection. Part of our discussion centered on the risk posed by lost mobile devices, which is anything from USB drives, to laptops and tablets filled with company data. At the time of our meeting with them, Credant had just released the results of a study they did with the hotels serving the conference. Naturally, after reading their research I was reminded of my own security incident involving a lost device in 2011.

[For the curious, the recap of my personal failure is here.]

Focusing on major hotel chains in San Francisco, such as the Four Seasons, Hilton, Holiday Inn, Marriott, and Ritz Carlton, Credant learned that some 2,300 mobile devices are unlikely to make the trip back from the world’s largest security conference this year.

One Union Square hotel chain reported that more than 90-percent of the devices discovered in guest rooms, the bar, or lobby are never claimed. On average, the number of unclaimed devices hit about 45-percent.

Interestingly enough, more than 70-percent of the lost devices are last seen in the Union Square and Financial District area (were many of the common RSA-related hotels are located).

“Protecting data on mobile devices eliminates the long term consequences potentially associated with lost or stolen devices,” said Darren Shimkus, the senior vice president of marketing for Credant.

But another point not mentioned by the survey is that while most of the device owners never reclaim their lost items, it’s possible that someone else can.

It isn’t hard to get a hotel employee to check the lost and found for items with little more than a basic description. For example, more often than not, asking for a known brand or basic description is enough to get them to check and hand something over.

Exploiting the human desire to help is one of the fundamental basics to social engineering. Hotel staffers are trained to assist guests and potential guests. Thus, they’re eager to please, and if the back story is sound enough, a stranger could easily claim those lost devices for you.

Around the Web

Comment on this Story

comments powered by Disqus


Chevrolet shows off the 2015 Colorado with digital experience

Chevrolet has launched a new website to show buyers all the bells and whistles available on ...

Mazda to debut CX-3 and MX-5 at Los Angeles Auto Show

Mazda has announced plans to premiere the new Mazda CX 3, its new compact crossover SUV, at ...

Ford issues safety recall for 204,448 Ford Edge and Lincoln MKX

Ford has issued a safety recall for 204,448 of the 2007-2008 Ford Edge and Lincoln MKX in No...

Mopar Previews SEMA Custom Rides

We have added a set of pictures released by Mopar ahead of the SEMA Show. Mopar are bri...

Audi R8 Competition – The Most Powerful Production Audi Ever

Audi has revealed details of their new super-fast Audi R8 Competititon — the most powerful a...