Few things invoke instant panic like a missing smartphone or laptop. These devices hold a good part of our lives. This includes files, personal financials, apps, passwords, pictures, videos, and so much more. The information they hold is more personal than even that which is in your wallet. It’s because of all your digital footprints. This makes a lost or stolen device a cause for alarm. It’s often not the device that is the biggest concern. It’s the data on the device and access the device has to cloud accounts and websites. The thought of that being in the hands of a criminal is quite scary.
There are approximately 70 million lost smartphones every year. The owners only recover about 7% of them. Workplace theft is all too common. The office is where 52% of stolen devices go missing. If it’s a work laptop or smartphone that goes missing, even worse. This can mean the company is subject to a data privacy violation. It could also suffer a ransomware attack originating from that stolen device. In 2020, Lifespan Health System paid a $1,040,000 HIPAA fine. This was due to an unencrypted stolen laptop breach.
The things you do in the minutes after missing a device are critical. This is the case whether it’s a personal or business device. The faster you act, the less chance there is for exposure of sensitive data.
When a criminal gets their hands on a smartphone, tablet, or laptop, they have access to a treasure trove. This includes:
· Photos & videos
· Access to any logged-in app accounts on the device
· Passwords stored in a browser
· Cloud storage access through a syncing account
· Text messages
· Multi-factor authentication prompts that come via SMS
· And more
Most mobile devices and laptops will include a “lock my device” feature. It allows for remote activation if you have enabled it. You will also need to enable “location services.” While good thieves may be able to crack a passcode, turning that on immediately can slow them down. What about “find my device?” There is usually also a “find my device” feature available in the same setting area. Only use this to try to locate your device if you feel it’s misplaced, but not stolen. You don’t want to end up face to face with criminals!
If you use the device for business, notify your company immediately. Even if all you do is get work email on a personal smartphone, it still counts. Many companies use an endpoint device manager. In this case, access to the company network can be immediately revoked. Reporting your device missing immediately can allow your company to act fast. This can often mitigate the risk of a data breach.
Most mobile devices have persistent logins to SaaS tools. SaaS stands for Software as a Service. These are accounts like Microsoft 365, Trello, Salesforce, etc. Use another device to log into your account through a web application. Then go to the authorized device area of your account settings. Locate the device that’s missing, and log it out of the service. Then, revoke access, if this is an option. This disconnects the device from your account so the thief can’t gain access.
It’s very important to include cloud storage applications when you revoke access. Is your missing device syncing with a cloud storage platform? If so, the criminal can exploit that connection. They could upload a malware file that infects the entire storage system. They could also reset your device to resell it, and in the process delete files from cloud storage.
Hopefully, you are backing up all your devices. This ensures you have a copy of all your files in the case of a lost device. Does it look like the device is not simply misplaced, but rather stolen or lost for good? If so, then you should use a remote “wipe my device” feature if it has been set up. This will wipe the hard drive of data.
No matter what size company you have, mobile device management is vital. Contact us to learn more about our endpoint security solutions.
We can take it a step further and offer you a free IT assessment!
Article used with permission from The Technology Press.