Skip to main content

Exposed: Hotels follow "finders keepers" rule with lost smartphones, like HTC One M8

Security professionals are human, no different from anybody else. They're just as likely to check out of a hotel without remembering a smartphone charging in the bathroom, or a laptop in the closet.

But what happens to those abandoned devices? After the recent RSA Conference in San Francisco, Darren Leroux, Senior Director of Product Marketing at WinMagic, decided to find out.

After the attendees had scattered to their homes around the world, Leroux called 33 hotels in the area to ask about their policies regarding lost devices. He also asked whether any RSA attendees had left devices behind. Over half of those who responded reported a "finders keepers" policy. After allowing a reasonable time for the owner to lay claim, they eventually hand over the device to the person who found it.

Another quarter reported a policy of donating unclaimed devices to charity. On a positive note, none of the hotels noticed more lost devices than normal during the conference. You can read Leroux's full blog post here.

So you lost your laptop at a conference. It probably belonged to the company anyway. You may get a reprimand, but you probably won't have to pay for it. No problem, right?

Actually, there's a big problem, possibly a huge problem, because whoever gets your laptop gets all the data that's on it. Leroux reported that exactly one of the surveyed hotels reported a policy of erasing the contents of a found device before handing it over.

I'm sure most businesses require user accounts on company-owned laptops to be password-protected. However, an employee who has administrator privilege can easily set up automatic login. If you've done that for convenience, you've totally handed over your data to the finder. Even if your account is password-protected, your data is still at risk.

If it was a personal device or laptop you lost, you're on the hook for the replacement cost. You may not have lost corporate secrets, but having some stranger paw through your personal information is creepy. Identity theft? Yeah, that could happen.

Last month I spoke with Leroux at the RSA Conference concerning another survey. Briefly, the survey showed that employees who don't take care of security at home carry those lax habits into the workplace.

What to do? Well, WinMagic does have a line of products aimed at securing sensitive information. Whole drive encryption combined with enforced backups can also work. And with an anti-theft tool like LoJack for Laptops you can remotely wipe data from a lost laptop, and maybe even recover it.

LoJack for Laptops can help protect your personal laptop, too. You might also consider moving your important documents to the cloud and protecting them with a cloud encryption tool like DataLocker SkyCrypt. Data Discover 7.5 will scour your laptop for exposed personal information and help you encrypt, delete, or redact it.

Smartphones TooSmartphones are even easier to lose than laptops, of course. According to our Mobile Security Analyst Max Eddy, Google's free Android Device Manager is a great product; Bitdefender Anti-Theft is our Editors' Choice in this category. Many general purpose mobile security packages, including those from Bitdefender and Avast include powerful antitheft components.

Got an iOS device? You already have built-in protection of Find My iPhone, but you have to activate it or it won't help. And security enhancements in iOS 7 let you keep the device locked to your account even after a wipe.

People aren't perfect. Laptops (and smartphones) do get lost. But with a little preparation you can ensure that the loss of a device doesn't cause a data disaster.