A kill-switch-enabled mobile device allows mobile users to "brick" their phone, encrypting all its data and essentially making it useless to thieves who steal it.
So are kill switches good for your client's security? Definitely. After all, lost or stolen devices are one of the top causes of data breaches. Phone makers are beginning to include this feature as a standard part of their OS, and there's even talk of passing a law that would standardize this security feature across a variety of mobile platforms.
To understand how kill switches work and how to implement this security feature on your clients' devices, we'll examine three things...
- How kill switches limit the damage of a theft.
- Why they can actually prevent theft.
- How they reduce the chance you'll be sued.
Limiting Damage: Kill Switches Can Prevent Mobile Theft
Because kill switches lock lost devices, they can keep your clients' data from getting into the hands of criminals. As part of your data security plan, you should make sure your client's employees use devices that are kill-switch enabled.
But did you know that kill switches actually prevent theft? The BBC reports the rise of kill switches in smartphones has reduced smartphone theft. In fact…
- San Francisco reported a 40 percent decrease in iPhone thefts.
- New York reported a 25 percent decrease in iPhone thefts.
- London reported a 40 percent decrease in smartphone thefts.
Just as car thieves know which cars are easiest to steal, smartphone thieves know which devices have kill switches.
In "Addressing (Some) Physical Exposures for Data Breaches," we reported how California, Minnesota, and local governments have been pushing to mandate kill switches in order to curb device theft. It appears these efforts have been largely successful in the cities that implemented them.
Why Set-Up a Kill Switch for Client? It Can Prevent Lawsuits
After a data breach, clients will scrutinize your work. If they identify an area where you could have worked harder to prevent a breach, you could face a lawsuit.
Because of the way IT liability works, you can be sued for what you didn't do. That's called professional negligence. If you don't set up kill switches for client devices, they could argue that you failed to fulfill your professional duty and left them exposed to device theft.
If clients ask you to perform a security audit, set up a mobile security plan, or do other work that involves securing their employees' phones, keep in mind these three pitfalls regarding kill-switch enabled phones...
- Though many phones have kill switches, they aren't always enabled.
- Kill switches are enabled by default in Apple's iOS 8, but not iOS 7.
- Not all smartphones offer kill switches (e.g., Microsoft is a notable exception).
The bottom line: having kill-switch-enabled devices can protect your clients if and when they're victimized by theft. Technology manufacturers are implementing these on a grand scale, but it will be up to you to ensure your clients' security settings are optimized to prevent mobile theft.