The British phone-hacking scandal graphically illustrates yet another facet of cybercrime: the vulnerability of personal mobile devices. Celebrities and politicians aren’t the only ones who should be on guard, however. Recent reports indicate that a rapidly growing number of business executives’ phones, tablets and laptops are hacked when traveling abroad, particularly in China and Russia.
With mobile devices at risk, the threat of losing critical business information multiplies, as do the worries of in-house counsel. Just a few years ago, companies’ principle digital security concern was protecting credit card numbers and other customer information. Now they must contend with massive international hacking rings bent on stealing intellectual property, “hactivist” groups that target organizations for ideological reasons and even state-sponsored computer attacks.
“Companies have to inventory their information to understand what they have, understand where it is, and then set protocols and protections based on sensitivity of information,” says Andrew B. Serwin, who chairs the privacy, security and information management practice at Foley & Lardner. “That’s something that a lot of companies still don’t do.”
“I’ve been working with folks on Capitol Hill on new legislation designed to simplify and clarify the ability of the private sector to interface with knowledgeable government actors,” Chertoff says. “Often it’s the government that reaches out to a company that doesn’t know it’s been penetrated.”