Be prepared to lose your smart device
“One important key to success is self-confidence. An important key to self-confidence is preparation” Arthur Ashe
The Lost or Stolen Smart Phone
According to the Consumer Reports National Research Center, 2.1 million phones were stolen and 3.1 smartphones were lost in 2015. The idea behind this post is to give you peace of mind and confidence in protecting yourself against a lost or stolen device. Instead of letting fear and anxiety rule the day, you can very easily put a plan in action to completely secure and protect yourself from the worst, even though I know some of us would love to do away with the digital distraction device!
What could someone with less than desirable intentions do with the data on your phone? My personal experience with lost items has been generally quite positive. There are more honest and good people out there than we would like to believe, thanks probably to the daily news which thrives on bad news. However, you still have to protect yourself as best as you can for the worst-case scenario.
The damage could vary. Let’s examine a few of these:
- Email
Examining the contents of your email could prove very informative to someone looking for sensitive information such as passwords, login names, bank account info, etc. At my firm, we have a policy to never share any password by email, text, or IM. We call the client or each other if needed. Even if your email holds nothing that sensitive, you could have personal emails that you don’t want read by anyone who could do damage, embarrassing or otherwise, for example through a mass email sent out on your behalf, spoofed or otherwise. In some cases, an email could also be sent to a financial contact asking to transfer money to a specific account. We’ve seen this and have heard of people who have actually been tricked into it.
- Contacts
Beyond the obvious, many of us place notes in the contact field that include family names, account numbers, birthdates, and so on. If someone steals this information, they can use it for spoofing or potentially go as far as selling it for identity theft, especially if it contains a good deal of sensitive information.
- Social Networking
I probably don’t even need to expand on this one as we can all guess the damage. But let’s examine a few. What if someone shared an inappropriate site and tagged your friends and colleagues? Yes, you can let everyone know you were hacked, but some might still find it embarrassing. But what if the site, which could look totally legitimate, is a phishing site that could damage and potentially hack them? All it really takes is one simple click on the link or image.
Your account could be set up to follow other accounts. They can use it to just monitor and learn some behavior patterns or personal stuff which can even be used to guess passwords or prove again to be embarrassing.
- Files (Offline or Online)
Many of us now keep files in the cloud using services such as Google Drive, Box, Dropbox, Egnyte, Microsoft OneDrive, or other compatible services. The primary reason for this has been to allow for easy file access from any location and device. Some of these solutions even allow the user to save the file to the phone, referred to as “Offline”, since you can use it without the need for an internet connection. Whether the files are online or offline, if someone gets access to your phone they can get access to your files and transfer them elsewhere to analyze later. If you do anything like this, you must make sure that all your sensitive files are also password protected.
- Data Sensitive Apps
Any App that has the power to purchase or look at sensitive financial and personal data is at some risk of being accessed. Even though there are steps to further protect yourself with these apps, such as dual authentication, fingerprinting, and such, many users might not be fully securing them and might be using a simple password or one that is easily deduced from the email, contacts, or notes on the phone. Before you know it, you might have a hefty amount transferred out of your account to some overseas bank account.
How do I plan and prepare to protect myself?
- Device Access Password: Set up a strong password and a lock-out time setting low enough to be safe. Move away from four-digit passcodes to six-digit ones, or even 8 digits, with real passwords, patterns, and fingerprints. I can’t stress enough the importance of this one single step, which can buy you enough time to secure your device and services to protect yourself. Case in point: the Apple and FBI fight over this exact issue. Granted, you might not have the option to erase data from your phone after ten failed tries, but then again you might.
- Backup: Make sure your device is backed up. We highly recommend using a service like Google Photos (works on Apple and Google devices) and/or iCloud backup or Android Backup Service to back up your pictures, contacts, calendar, reminders, Apps, etc.
- Data: Never have any sensitive data on any of your devices that are not fully protected with high encryption and a very strong password. Go through your email, contacts, notes or any App to remove any references to social security numbers, account numbers, driver’s license numbers, passwords and such. The best way to think about it is this: if you gave your phone to a trusted person with good technical capabilities, what do you think they could pull from it that could be detrimental to your livelihood or, at the minimum, lead to a painful experience of dealing with multiple vendors?
- Higher Security Level Access: Set up multi-factor authentication on any and all of your online services. Please see my previous post: https://www.linkedin.com/pulse/easy-must-do-app-security-being-ignored-many-users-shane-nejad?trk=mp-author-card
- Find my Phone: Learn how to locate your device remotely before you lose it, not after, so that you can wipe it, reset the password, or even make it ring or send it a message. Here are the instructions:
- iPhone: https://support.apple.com/en-us/HT201472
- Android: http://www.howtogeek.com/170276/how-to-locate-your-lost-or-stolen-android-phone-and-wipe-if-necessary/
- Blackberry: http://us.blackberry.com/apps/blackberry-apps/protect.html
- Make a Note: Some users may use a message on the lock screen to let the person know how to contact them or some may actually stick a note to the back of the phone. Don’t use your home phone number, but a working one with an email address you feel safe sharing and maybe even offer a small reward.
- Know your Apps: Look at all the sensitive apps you have, make a list, and review the sites and services to learn how to reset your password and potentially even decommission a device, so that the App can no longer be used on that device:
- Android: http://www.ampercent.com/uninstall-android-apps-remotely/10519/
- iPhone: Unfortunately, you can’t do this yet, but you can use the find my phone feature to erase it remotely.
- Software Updates: Keep the device up to date. I am not personally a fan of being the first to update as I’ve seen problems deter me. But if the updates are security related, I tend to go for it after about a week or so to make sure the vendor has discovered any update issues and released a fix.
- Complex Passwords: Set up a very strong password for all your applications and services. I would highly advise investing in a password manager solution that basically lets you remember one password that manages all the other passwords. You can make all your passwords super strong and never have to remember any, short of the one strong password you will set to access your password manager. This will sync up with your phone, tablets, and computers and can be locked down or, with some products, deactivated remotely. Here is a list of some of these products: http://www.pcmag.com/article2/0,2817,2407168,00.asp
- Phone’s Unique ID: You can obtain this by dialing *#06# on your phone, which displays the phone’s unique ID. This may help a police investigation.
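The Data step above, and the earlier point about notes kept in contact fields, can be checked mechanically before a phone is ever lost. The following is an added example, not part of the original post: it scans the NOTE fields of a contacts export in vCard format for Social Security numbers, payment card numbers and written-down passwords. The patterns, function names and sample export are assumptions made for illustration.

```python
import re

# Data the post says to purge from contacts, notes and email (illustrative patterns).
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
SECRET_RE = re.compile(r"\b(password|passcode|pwd|pin)\b\s*[:=]\s*\S+", re.I)

# Constructed sample export: made-up names, well-known test numbers.
SAMPLE = (
    "BEGIN:VCARD\nFN:Alex Example\nNOTE:SSN 078-05-1120\\, card 4111 1111\n"
    "  1111 1111\nEND:VCARD\n"  # the indented line is a folded continuation
    "BEGIN:VCARD\nFN:Sam Sample\nNOTE:password: hunter2 order 1234 5678 9012 3456\nEND:VCARD\n"
)

def luhn_ok(digits):
    """Luhn checksum: separates payment card numbers from other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def scan_vcard(text):
    """Return (contact, finding type, redacted value) for each NOTE hit."""
    # vCard folds long lines: a newline followed by one space or tab continues the line.
    unfolded = re.sub(r"\r?\n[ \t]", "", text).splitlines()
    findings, name = [], "?"
    for line in unfolded:
        prop, _, value = line.partition(":")
        prop = prop.split(";")[0].split(".")[-1].upper()
        if prop == "FN":
            name = value
        elif prop == "NOTE":
            for m in SSN_RE.finditer(value):
                findings.append((name, "ssn", "***-**-" + m.group()[-4:]))
            for m in CARD_RE.finditer(value):
                digits = re.sub(r"\D", "", m.group())
                if luhn_ok(digits):  # drops order numbers and similar digit runs
                    findings.append((name, "card", "*" * (len(digits) - 4) + digits[-4:]))
            for m in SECRET_RE.finditer(value):
                findings.append((name, "secret", m.group(1).lower() + "=<redacted>"))
    return findings

if __name__ == "__main__":
    for hit in scan_vcard(SAMPLE):
        print(hit)
```

Findings are reported redacted so that the scan output does not become another copy of the sensitive data.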
Steps to follow after your device is lost or stolen
If you have done the preparations above, then you are good to go and can follow these steps:
- Use the Find my phone App to try and locate your device
- If you don’t find it nearby and quickly enough, then:
- Change all the essential passwords for data-sensitive Apps such as banking and email.
- Erase Data through your phone or lock it if you haven’t done so already, and put it in lost mode on iPhones.
- Decommission the appropriate Apps
- Contact your service provider to deactivate the old phone fully and get a new one, and if needed report it to the authorities.