Anchor ads are not supported on this page.

4S Ranch Allied Gardens Alpine Baja Balboa Park Bankers Hill Barrio Logan Bay Ho Bay Park Black Mountain Ranch Blossom Valley Bonita Bonsall Borrego Springs Boulevard Campo Cardiff-by-the-Sea Carlsbad Carmel Mountain Carmel Valley Chollas View Chula Vista City College City Heights Clairemont College Area Coronado CSU San Marcos Cuyamaca College Del Cerro Del Mar Descanso Downtown San Diego Eastlake East Village El Cajon Emerald Hills Encanto Encinitas Escondido Fallbrook Fletcher Hills Golden Hill Grant Hill Grantville Grossmont College Guatay Harbor Island Hillcrest Imperial Beach Imperial Valley Jacumba Jamacha-Lomita Jamul Julian Kearny Mesa Kensington La Jolla Lakeside La Mesa Lemon Grove Leucadia Liberty Station Lincoln Acres Lincoln Park Linda Vista Little Italy Logan Heights Mesa College Midway District MiraCosta College Miramar Miramar College Mira Mesa Mission Beach Mission Hills Mission Valley Mountain View Mount Hope Mount Laguna National City Nestor Normal Heights North Park Oak Park Ocean Beach Oceanside Old Town Otay Mesa Pacific Beach Pala Palomar College Palomar Mountain Paradise Hills Pauma Valley Pine Valley Point Loma Point Loma Nazarene Potrero Poway Rainbow Ramona Rancho Bernardo Rancho Penasquitos Rancho San Diego Rancho Santa Fe Rolando San Carlos San Marcos San Onofre Santa Ysabel Santee San Ysidro Scripps Ranch SDSU Serra Mesa Shelltown Shelter Island Sherman Heights Skyline Solana Beach Sorrento Valley Southcrest South Park Southwestern College Spring Valley Stockton Talmadge Temecula Tierrasanta Tijuana UCSD University City University Heights USD Valencia Park Valley Center Vista Warner Springs

County’s smartphones at risk for break-ins, audit finds

Raft of unused devices run up steep monthly tab for taxpayers

"The noblest motive is the public good," is San Diego County's motto, but when it comes to keeping track of the county's smartphones, it might better be replaced by “watch your back," a newly released April report by chief of audits Juan R. Perez indicates.

For starters, "None of the five departments sampled were maintaining a complete and accurate inventory of their mobile devices, because their inventory list excluded inactive mobile phones,” resulting in taxpayers footing monthly cell-phone bills for a raft of unused devices.

Of five inactive phones sampled by auditors at the Department of Environmental Health, "four had active wireless service. For three of the four phones, service was active for three or more months after the employee left the department and the phone had not been reassigned, including one that was active for seven months."

In addition to Environmental Health, departments examined by the audit included Public Health Services, General Services, Child Welfare Services, and the Assessor and Recorder's office.

The Department of Environmental Health, the report says, "had an inventory listing of 277 active mobile phones," but auditors discovered “105 inactive mobile phones that were not on the department’s inventory listing. Most of the phones were unsecured."

Sponsored
Sponsored

Worse yet, the General Services Department "had an inventory listing of 302 active mobile phones," but the audit unearthed "430 inactive mobile phones that were not on the department’s inventory listing."

Notes the report, "Without a complete list of active and inactive mobile devices, County assets may be susceptible to misappropriation or loss and not properly accounted for. "

Instead of monitoring cell-phone status in-house, “the departments were using the wireless provider’s invoice to track their mobile devices," the audit says.

"When a device becomes inactive due to an employee transfer or termination, the department notifies the wireless provider to remove the device from the invoice. The departments then stop tracking the device."

That was just the beginning of a host of findings of troublesome problems, others of which could cause security breaches, with possibly dire consequences regarding privacy for both workers and county residents.

Two of the five departments examined by auditors, "did not remove all County and user data from the mobile phones when employees transferred, terminated employment or upgraded their device.”

One phone was found to contain "a prior user's emails,” another "contained text messages, call history and contact information from the prior user who had terminated employment."

The county's technology office, noted the report, was "unable to provide documented evidence of containerization to ensure that County data are segregated from employees’ personal data on employee-owned mobile phones."

As a result, "employees’ personal applications may access County data and allow users to transfer County information outside of the County’s network. In addition, it may allow for unauthorized access to employees’ personal information in violation of the user’s privacy."

Widespread mayhem also reigned regarding what to do the surplus phones.

"Departments were not sure how to properly salvage inactive mobile devices and were not certain if all data was removed from the device when they performed factory reset. Also, because the devices are County property, there was some confusion whether departments could trade-in devices to wireless providers for credit. As a result, inactive devices that the departments are no longer using or tracking have not been salvaged."

Additionally, an unspecified number of the mobile devices don’t have data encryption set up to prevent prying eyes from intercepting confidential information

Mikel Haas

"Although AT&T enabled the AirWatch encryption setting for iOS devices, they disabled the same setting for Android devices.”

According to the report, “Per discussions with the [chief technology office], AT&T was directed to disable the encryption setting on Android devices because the setting was negatively affecting the functionality of the devices."

Says the audit, "If mobile devices are not encrypted, an unauthorized person may be able to access County information if devices are lost or stolen resulting in possible harm to the County, its customers or employees”

An April 15 letter of response from county chief information officer Mikel Haas lists a series of steps the technology office is taking to rectify the problems. A new device-tracking policy is due June 30, with encryption upgrades due by August 31.

The latest copy of the Reader

Here's something you might be interested in.
Submit a free classified
or view all
Previous article

Too $hort & DJ Symphony, Peppermint Beach Club, Holidays at the Zoo

Events December 19-December 21, 2024

"The noblest motive is the public good," is San Diego County's motto, but when it comes to keeping track of the county's smartphones, it might better be replaced by “watch your back," a newly released April report by chief of audits Juan R. Perez indicates.

For starters, "None of the five departments sampled were maintaining a complete and accurate inventory of their mobile devices, because their inventory list excluded inactive mobile phones,” resulting in taxpayers footing monthly cell-phone bills for a raft of unused devices.

Of five inactive phones sampled by auditors at the Department of Environmental Health, "four had active wireless service. For three of the four phones, service was active for three or more months after the employee left the department and the phone had not been reassigned, including one that was active for seven months."

In addition to Environmental Health, departments examined by the audit included Public Health Services, General Services, Child Welfare Services, and the Assessor and Recorder's office.

The Department of Environmental Health, the report says, "had an inventory listing of 277 active mobile phones," but auditors discovered “105 inactive mobile phones that were not on the department’s inventory listing. Most of the phones were unsecured."

Sponsored
Sponsored

Worse yet, the General Services Department "had an inventory listing of 302 active mobile phones," but the audit unearthed "430 inactive mobile phones that were not on the department’s inventory listing."

Notes the report, "Without a complete list of active and inactive mobile devices, County assets may be susceptible to misappropriation or loss and not properly accounted for. "

Instead of monitoring cell-phone status in-house, “the departments were using the wireless provider’s invoice to track their mobile devices," the audit says.

"When a device becomes inactive due to an employee transfer or termination, the department notifies the wireless provider to remove the device from the invoice. The departments then stop tracking the device."

That was just the beginning of a host of findings of troublesome problems, others of which could cause security breaches, with possibly dire consequences regarding privacy for both workers and county residents.

Two of the five departments examined by auditors, "did not remove all County and user data from the mobile phones when employees transferred, terminated employment or upgraded their device.”

One phone was found to contain "a prior user's emails,” another "contained text messages, call history and contact information from the prior user who had terminated employment."

The county's technology office, noted the report, was "unable to provide documented evidence of containerization to ensure that County data are segregated from employees’ personal data on employee-owned mobile phones."

As a result, "employees’ personal applications may access County data and allow users to transfer County information outside of the County’s network. In addition, it may allow for unauthorized access to employees’ personal information in violation of the user’s privacy."

Widespread mayhem also reigned regarding what to do the surplus phones.

"Departments were not sure how to properly salvage inactive mobile devices and were not certain if all data was removed from the device when they performed factory reset. Also, because the devices are County property, there was some confusion whether departments could trade-in devices to wireless providers for credit. As a result, inactive devices that the departments are no longer using or tracking have not been salvaged."

Additionally, an unspecified number of the mobile devices don’t have data encryption set up to prevent prying eyes from intercepting confidential information

Mikel Haas

"Although AT&T enabled the AirWatch encryption setting for iOS devices, they disabled the same setting for Android devices.”

According to the report, “Per discussions with the [chief technology office], AT&T was directed to disable the encryption setting on Android devices because the setting was negatively affecting the functionality of the devices."

Says the audit, "If mobile devices are not encrypted, an unauthorized person may be able to access County information if devices are lost or stolen resulting in possible harm to the County, its customers or employees”

An April 15 letter of response from county chief information officer Mikel Haas lists a series of steps the technology office is taking to rectify the problems. A new device-tracking policy is due June 30, with encryption upgrades due by August 31.

Comments
Sponsored

The latest copy of the Reader

Here's something you might be interested in.
Submit a free classified
or view all
Previous article

At Comedor Nishi a world of cuisines meet for brunch

A Mexican eatery with Japanese and French influences
Next Article

Reader writer Chris Ahrens tells the story of Windansea

The shack is a landmark declaring, “The best break in the area is out there.”
Comments
Ask a Hipster — Advice you didn't know you needed Big Screen — Movie commentary Blurt — Music's inside track Booze News — San Diego spirits Classical Music — Immortal beauty Classifieds — Free and easy Cover Stories — Front-page features Drinks All Around — Bartenders' drink recipes Excerpts — Literary and spiritual excerpts Feast! — Food & drink reviews Feature Stories — Local news & stories Fishing Report — What’s getting hooked from ship and shore From the Archives — Spotlight on the past Golden Dreams — Talk of the town The Gonzo Report — Making the musical scene, or at least reporting from it Letters — Our inbox Movies@Home — Local movie buffs share favorites Movie Reviews — Our critics' picks and pans Musician Interviews — Up close with local artists Neighborhood News from Stringers — Hyperlocal news News Ticker — News & politics Obermeyer — San Diego politics illustrated Outdoors — Weekly changes in flora and fauna Overheard in San Diego — Eavesdropping illustrated Poetry — The old and the new Reader Travel — Travel section built by travelers Reading — The hunt for intellectuals Roam-O-Rama — SoCal's best hiking/biking trails San Diego Beer — Inside San Diego suds SD on the QT — Almost factual news Sheep and Goats — Places of worship Special Issues — The best of Street Style — San Diego streets have style Surf Diego — Real stories from those braving the waves Theater — On stage in San Diego this week Tin Fork — Silver spoon alternative Under the Radar — Matt Potter's undercover work Unforgettable — Long-ago San Diego Unreal Estate — San Diego's priciest pads Your Week — Daily event picks
4S Ranch Allied Gardens Alpine Baja Balboa Park Bankers Hill Barrio Logan Bay Ho Bay Park Black Mountain Ranch Blossom Valley Bonita Bonsall Borrego Springs Boulevard Campo Cardiff-by-the-Sea Carlsbad Carmel Mountain Carmel Valley Chollas View Chula Vista City College City Heights Clairemont College Area Coronado CSU San Marcos Cuyamaca College Del Cerro Del Mar Descanso Downtown San Diego Eastlake East Village El Cajon Emerald Hills Encanto Encinitas Escondido Fallbrook Fletcher Hills Golden Hill Grant Hill Grantville Grossmont College Guatay Harbor Island Hillcrest Imperial Beach Imperial Valley Jacumba Jamacha-Lomita Jamul Julian Kearny Mesa Kensington La Jolla Lakeside La Mesa Lemon Grove Leucadia Liberty Station Lincoln Acres Lincoln Park Linda Vista Little Italy Logan Heights Mesa College Midway District MiraCosta College Miramar Miramar College Mira Mesa Mission Beach Mission Hills Mission Valley Mountain View Mount Hope Mount Laguna National City Nestor Normal Heights North Park Oak Park Ocean Beach Oceanside Old Town Otay Mesa Pacific Beach Pala Palomar College Palomar Mountain Paradise Hills Pauma Valley Pine Valley Point Loma Point Loma Nazarene Potrero Poway Rainbow Ramona Rancho Bernardo Rancho Penasquitos Rancho San Diego Rancho Santa Fe Rolando San Carlos San Marcos San Onofre Santa Ysabel Santee San Ysidro Scripps Ranch SDSU Serra Mesa Shelltown Shelter Island Sherman Heights Skyline Solana Beach Sorrento Valley Southcrest South Park Southwestern College Spring Valley Stockton Talmadge Temecula Tierrasanta Tijuana UCSD University City University Heights USD Valencia Park Valley Center Vista Warner Springs
Close

Anchor ads are not supported on this page.

This Week’s Reader This Week’s Reader