This website uses cookies

This website uses cookies to ensure you get the best experience. By using our website, you agree to our Privacy Policy

Jean-Yves Gilg

Editor, Solicitors Journal

'Wiped' smartphones remain a fraud risk for businesses

News
Share:
'Wiped' smartphones remain a fraud risk for businesses

By

Recovered data included internet histories, email passwords, business data, and explicit photography

Data on discarded smartphones thought to have been 'wiped' by their previous owners is detectable and a fraud risk, according to a corporate forensic investigation and e-disclosure expert.

Proven Legal Technologies (PLT) said that the findings from an experiment it conducted must serve as a warning to businesses regarding data privacy and protection.

PLT's exercise involved the purchase of four random smartphones from eBay - each from different sellers around the UK. The content was then forensically analysed, revealing a surprising amount of information about is previous use.

The data discovered included internet histories, WhatsApp messages, location history, passwords to users' email accounts and Wi-Fi, business data, and even explicit photography.

Some 33,535 photos were found on the smartphones - only 34 per cent of these had been deleted.

In addition, 428 deleted emails and over 700 pieces of location data were recovered.

Commenting on the findings, Phil Beckett, a partner at PLT, said: 'Companies - and individuals - must be aware that pressing delete is simply not enough. Even the largest of firms are vulnerable to hacking, and given the vast amount of confidential data housed on corporate devices these days, this could result in some very serious problems.

'Most businesses believe that when data is deleted off a mobile device it is gone forever, but this is not the case. Our research shows that even those smartphones that have previously been "wiped" are still at risk from detection from an experienced programmer or hacker.'

Beckett added that PLT had been analysing company mobile devices, PCs, and servers for years as part of its work in e-disclosure and investigations, and to enforce the legal responsibilities demanded by the UK compliance and regulation.

'As such, this test has only helped to confirm what we already know - that the vast majority of "deleted" business data is never actually deleted at all.'

Cyber fraud

The findings from PLT's experiment come hot on the heels of renewed warnings from the Solicitors Regulation Authority (SRA) of an increase in reports of law firms either being contacted by con artists or falling victim to fraudulent activity.

Meanwhile, the Department for Business, Innovation and Skills has reported that the average cost of the most severe online security breaches for big business now starts at £1.46m, up from £600,000 in 2014.

For small and medium-sized businesses (SMEs), the cost of the most severe breaches can now reach as high as £310,800, up from £115,000 in 2014.