You can't secure what you don't acknowledge.SM

Thursday, May 3, 2012

The funny thing about iPhones & airplane toilets

My Delta co-passengers and I recently had the opportunity to experience a near 1-hour flight delay due to, none other than, some dude dropping his iPhone into the aft toilet on our fancy Boeing 757. I'm not making this up...

Yep, there we were sitting at the gate and this guy comes up to the flight attendants to ask for some help getting his iPhone out of the crapper. Yuck! The captain got involved, and then maintenance, and then all the ensuing paperwork.

This incident reminded me of when the authorities shut down an interstate when some dude is threatening to jump from a bridge above. Imagine the economic impact. Few think about that...But thanks to the ever so brave maintenance man, the passenger ended up getting his "$900" iPhone back. He said he had insurance on it and needed it to be able to get a new one. Reasonable argument I suppose..if you're a hazmat kinda guy.

I feel for the poor sap at AT&T who takes it back not knowing where it's been.

I bring this up because it's a scenario that could very well play out in your enterprise. I'm not so sure that anything could be recovered from a phone after being immersed in a toilet...but you never know, especially if the phone has a Micro SD card for external storage (i.e. BlackBerry & Android-based devices).

Will your employees know what to do in this type of situation? Will it matter if the device is personally-owned versus business-owned? You need to develop a stance on this and integrate into your mobile security policy. Oh, and let everyone know about it. Will you need to enact any sort of incident response procedures or data breach notification (I can hear it now: "Sorry Mr. or Mrs. Customer, We've had a craptacular situation involving your data that you need to know about...").

It was a funny situation. Crappy jokes aside, this is certainly something to think about for your own business.

1 comment:

  1. A good plan for any mobile device after a failure would be a great idea. While the chance is low to retrieve the data in most cases nothing is impossible. Companies have to realize once a device or hard drive is out of their control they do not know what happens to it. Someone could make a good penny getting blackberry's that used to belong to government employees and selling it to someone who may not be able to crack it now. But with crypto sometimes all you need is time.