Phones disappear all the time. Lost or stolen, it literally happens every day to thousands of people around the world. And guess what, they all thought it won't happen to them. What if it happens to you today? Are you prepared?
Your smartphone is your life. Or if it isn't, it can certainly provide someone a window into your life. A typical smartphone contains pictures of family and friends, emails to family and friends, online shopping information, a snapshot of your interests as shown by the apps you use, the groups you belong to on social media, possibly PINs, and passwords, etc.
This data can be extremely valuable personally, even without taking into account the possibility of work/company information being found on your device.
Imagine your friends and family attacked by phishing or other scams targeted towards their specific problems and interests, gleaned from your phone. Imagine someone using your most trusted contact against you in order to obtain your financial information. Imagine someone directly using the credentials saved in your phone in order to access your accounts.
In a survey by IDG Research and Lookout Mobile Security, 50% of respondents would pay $500 to recover the data on their phone, excluding the cost of the physical phone itself. One in three would pay $1000 to obtain their data alone. Considering that the phone itself is sometimes worth an equivalent amount, it is not in the least surprising that cellphone theft is as prevalent as it is today.
IDG Research and Lookout fielded the survey to respondents in the United States, United Kingdom, France, and Germany. The results are based on 2,403 responses from participants who said they had had their smartphone stolen at some point.
If you use your device for business or work-related activities, the dangers can increase dramatically. Your work and sales contacts can be sold to a competitor. If your device password is the same as commonly used passwords for your access to company internal systems, your missing phone might provide a thief with high-level access to a corporate CRM or technical information regarding your latest project.
Locking your phone is the absolute least any user should do. What else can you do to protect yourself and your phone?
Use more than one password
A lot of devices today make available voice recognition, facial recognition, or other biometric means to gain access to the device. Yet, many users simply do not choose to implement these precautions. Of these, voice recognition or fingerprint scanners are the most secure options if you are considering a new phone.
In addition, do not use the same passcode twice. For example, if you encrypt the data on your phone, or in your email, ensure that these passwords are separate, so that a user gaining access to the device is not automatically provided access to everything in it.
Encrypt your stored data
Encrypting your data is possible on any Android or iOS phone, no matter if it is or isn't enabled by default (some phones still run older OS versions where it isn't). Data encryption is an excellent way to slow down a thief.
In addition, an encrypted modern Android or iOS phone will format itself after a certain number of failed login attempts. This is a great advancement in protection against most people who would try breaking into your device.
Encrypt your communication
Let's face it, your email, chat and voice communication can tell a lot about you. Data encryption can cover your email, but there are separate solutions that can do the job better.
PGP solutions, such as our Secure Email, encrypt email end to end, with separate keys for each person communicating with you.
OTR solutions, such as our Secure Chat, encrypt chat end to end and protect your messaging partners from bogus chat attempts under your name.
ZRTP solutions, such as our Secure Voice, encrypt VoIP telephony end to end so that nobody could hide between the two participants in a call and understand what they are speaking about.
Separate passwords for email and chat apps also adds another layer of security for a would-be data thief to get through.
The more layers you create, the larger the window you have to safeguard your data and prevent misuse.
Backup your data
This step is very important to your peace of mind, and directly affects the next point. Regular backups provide you a great deal of peace of mind.
Your primary means of defense should your phone be missing or stolen is to wipe your data. If your data is backed up regularly, you can confidently wipe your data, without fearing the associated data loss. And if your phone turns up in the folds of your couch, you won't feel an idiot for having wiped your data prematurely.
Enable remote wipe
More importantly, do not be afraid to use it. Of the Lookout survey respondents, a significant chunk of whom would value their data at $500 to $1000, only 13% of respondents proceeded to wipe their phone data. Possible reasons for this may be the uncertainty that the phone was indeed stolen, rather than lost.
A staggering 44% of the respondents left their phone behind and took over an hour to realize their phone was stolen. Possible reasons for not wiping the phone may include the hope they left it at home, or that their phone was found by a good samaritan and may yet be recovered.
Remote wiping is available as a preloaded feature in modern Android devices and iPhones via the Android Device Manager and the Find my iPhone services, respectively.
If the data on the phone is not backed up, wiping should be a last resort.
Record your phone's unique ID number (IMEI)
According to Lookout's survey, 40% of users were unaware their phone had a unique identifier. The IMEI number is the primary way to ensure your phone is blacklisted. This number should be recorded, so you can quickly and easily report the phone stolen to your carrier.
All carriers use a centralized system and search the phone's IMEI upon any registration attempt. If the phone is listed stolen, no carrier will provide service.
Add a locator app
If the phone does not come with a locator app, make sure you install one can help you recover it. This will allow you to determine the phone location soon after the loss and can help you determine if it indeed is stolen.
There are paid apps that can do this but if you have an Android phone, it is likely that Android Device Manager is available (or a brand-specific variant). For iPhone, the free option provided by Apple is Find my iPhone.
If the phone is located somewhere you have not been that day, chances are it is stolen (or your wife has it). Either way, this allows you to make an educated decision quickly about whether or not to wipe your phone, alert authorities, or search your couch.
Add a note
There are good people out there, and some of them will attempt to return the phone to you. If there is no way to contact the owner, the chances of this diminish drastically. Even a would-be thief might pause and consider the possibility of a reward, rather than the uncertain prospect of a locked or wiped phone.
Do not provide your last name or home number on the note. Use an email address and a work number to protect against identity theft. A very small print note taped to a location where your thumb or fingers will not typically rub away adhesive may just return your phone to you when other methods fail.
Note that the above steps are not necessarily in order of importance but rather organized by logical order. First, prevent initial access. Next, force the thief work harder to retrieve your data. Then, prevent the thief from gaining value from the phone itself. Finally, consider methods of retrieval.
The reason retrieval is the last concern is simply this: even if you make active and immediate efforts to retrieve your phone, only 32% actually manage to retrieve it. It is therefore far more important to safeguard your data.
If the list above were listed in order of importance, enabling remote wipe would likely be at the top, followed by encrypting and backing up your data.
You may be surprised that backing up your data is so highly ranked, but the reason is simple: A deterrent you cannot bring yourself to use is no deterrent at all. Backing up your phone provides the peace of mind to allow you to take the necessary steps to protect your data and yourself.
What to do when your phone is lost or stolen
If your phone is lost or stolen, we recommend that you follow these six steps:
- Track your phone. As mentioned, recent versions of Android have a built-in phone locator called Android Device Manager, and iPhones have a Find My iPhone service. This will help you determine whether your device is indeed missing (not left at home for example) or in the immediate vicinity. If it isn't, you should be prepared to take further action.
- Text yourself from a friend's phone or PC: "Reward for return of phone, contact <alternate number>. No questions asked." It is always worth a try to retrieve your phone. A stolen phone is a risky commodity, precisely because it can be encrypted, may have a locator app, and may be blacklisted fairly quickly. A thief may decide a reward might be a less risky way to get value from his theft. This text reminder on the phone itself may bolster the note I suggested you place on the phone earlier. Good samaritans ARE out there.
- Call your provider. If you are reasonably convinced your phone is stolen, call your operator's support, give them the IMEI number, and cancel your service to that SIM card. This will prevent the thief from running up charges on your bill, and blacklist your phone. (This would be a higher priority, save that if you cancel your service, you won't be able to send the above text.)
- Remotely wipe your device. Do not hesitate. Better data is lost than in the wrong person's hands. Again, contemporary Android devices and iPhones can be remotely wiped via Android Device Manager and Find My iPhone, respectively.
- Contact the police. Provide them with details of the theft, IMEI number, steps taken, and any tracking information (such as the phone tracking software used) that will help them recover your device.
- Contact your employer. If this is a business phone, do that ASAP. Information has always been precious but has never been so widely available as today. Employees have been fired for not reporting the loss of a device that could potentially compromise trade secrets. This may not be the case at your place of employment, but even if there are no such personal consequences to consider, you do not want your workplace compromised.
Lastly, it is important to remember that even if you do recover your device, whether lost or stolen, you should wipe it regardless. You never know what level of access was gained to your phone, nor what sort of malware might have been installed. It is always safer to wipe your device and start anew. After all, you heeded our advice and backed up your device, right?
If you really mean business, go for a really secure smartphone
And one more thing before we're done. Those of you who really need a secure, reliable smartphone that can be easily controlled or wiped remotely in case of a theft or loss, there are special solutions developed just for that.
One such solution is our Secure Phone, which is based on a highly customized, secured Android OS and on tested, high-end smartphone models.
All apps it comes with are also secure and developed by us specifically for Secure Phone. They include our three flagship apps for end-to-end encrypted communication - Secure Email, Secure Chat, and Secure Voice, as well as Secure Wipe for instant manual wiping in case of emergency, Secure Backup, IMSI Catcher Detector, and many more.
On top of that, Secure Phone can be easily and granularly managed remotely via our web-based Secure Administration System (SAS).
This way, whatever happens to your Secure Phone, you will have drastically more protection and control over the device and the data on it compared to an smartphones.