800.668.7020
M-F 8:00AM TO 5:30PM CST
Better coverage. Better price.
Don't Risk IT
Proposed Bill Would Mandate Smartphone Kill Switches to Fight Data Breaches

Proposed Bill Would Mandate Smartphone Kill Switches to Fight Data Breaches

Kill switches in smartphones can help you secure a lost phone, but IT professionals need to protect their data breach liability.

Friday, February 28, 2014/Categories: cyber-liability

Four senators have proposed a bill that would require smartphone makers to include a "kill switch" to allow consumers to shut off phones and lock them after they're stolen. According to CNET, The Smartphone Theft Prevention Act would standardize this security feature across a variety of mobile platforms.

Mobile device theft is a huge problem. It currently accounts for 33 percent of all robberies nationally, and in some major cities device theft constitutes as much as 75 percent of all reported theft.

The new bill (which hasn't been voted on yet) proposes a simple way to cut down on the risks associated with device theft. Thieves can often access private data, make expensive calls, and make purchases on phones that don't have proper security settings.

For IT professionals, this new bill provides a good opportunity to review your own security standards for mobile devices. Let’s look at ways you can secure client devices and reduce your risk of a lawsuit.

(For more information specifically about securing stolen laptops, see "Laptop Insurance: Secure and Protect Mobile Devices" on our blog.)

Stolen iPhone? How IT Professionals Can Minimize the Risks of Device Theft

Theft means more than just losing a piece of hardware. Mobile theft also means a data breach. Thieves can often access all kinds of data about your clients and their customers. As you outline a plan to protect clients from mobile theft, make sure to include ways to secure data remotely on a lost device.

In order to reduce mobile device liabilities, IT professionals should do the following:

  • Activate security settings to require a password to unlock phones and decrypt data.
  • Download security applications (like Theft Aware for Android), which can remotely wipe data, lock the phone, and even trace a stolen device via GPS.
  • Report all theft to the police.
  • Contact the service provider after a device has been stolen and ask them to disable the phone number (which will prevent you from having to pay for charges).
  • Keep a record of the model number / serial number for each mobile device you own.

iPhones and other mobile devices usually have an International Mobile Equipment Identifier (IMEI) or Mobile Equipment Identifier (MEID), a unique serial number like the VIN on your car, which police will need to know when you file a report. Make sure you write down the IMEI for each phone or tablet you and your clients have.

You can find the IMEI by dialing *#06# on most phones. The IMEI is also usually printed on a sticker underneath the battery.

Tip for developers: Mobile app developers should keep in mind that building a secure app includes accounting for security issues when a user's phone is stolen. Does your app have security settings that will prevent a thief from making purchases or accessing private data? Remember to "X" out passwords and private information and give users options to require passwords for all purchases.

What the Smartphone Theft Prevention Act means for IT Professionals

In our blog post "The Mobile Future and Why You'll Need E&O Insurance in IT," we outlined how the proliferation of mobile technology exposes you to more lawsuits. If the Smartphone Theft Prevention Act passes, a security consultant would have one more tool at their disposal to protect clients from the consequences of device theft.

However, realistically, you can already get a function similar to the "kill switch" from third-party mobile apps. For now, it's important to remember that device security hinges on how well clients implement it.

As an IT consultant, you can't watch over every device. Instead, you need to find ways to educate clients about basic device security. Make sure to follow the steps outlined above, explain the importance of device security to clients, and protect yourself from mobile device lawsuits.

If an IT professional is sued over a data breach on a mobile phone, E&O Insurance offers important protection. It covers the cost of your legal defense and can pay damages you owe to clients. As your mobile liabilities grow, be sure to mitigate those risks with adequate insurance coverage. 

The Small Business
Insurance Leader
800.688.1984 | 8 am - 5:30 pm CST | M-F
Customer Rating 4.9 out of 5
Read Customer Reviews

Categories

The Small Business Insurance Leader