Your phone is missing, now what?
I know it is frightening to consider the risk to all of your personal information: pictures, videos, Facebook, Instagram, Twitter, email, banking information, tax information, health and medical information. Likely all of your business and company data, including confidential or classified customer data, is available from the phone too. Don’t panic – it is important that you stay calm and follow a plan.
If the phone contains or connects to company resources, you need to notify your manager and the IT department so they can follow company policies for securing appropriate account and data access, as well as initiate any remote security actions. Keep in mind that while the phone is valuable, its value is minor compared to the value of the data on the phone. In most cases the thief will simply reset the phone and pawn it, but if the data on the phone is easy to get to, the thief will exploit as many opportunities as possible.
If you have DriveStrike installed on the phone – immediately issue a Remote Wipe command, note the location of the device, and contact the police. Your phone will report its location each time you request it, but once a remote wipe command is received the phone will become unusable and stop reporting information; you will, however, have confirmation that your data is secure. Once you complete the remote wipe, contact local law enforcement and file a police report. You can provide law enforcement with the details of the phone by reviewing the Device page in DriveStrike, where we record serial number information and other critical details like the make and model of the phone. Let law enforcement know the last location where you remember having your phone, or the location listed on the Device page. We also recommend that you change the password on all of your online accounts immediately. The first priority in resetting passwords is Google, Firefox, Microsoft Edge, and/or Internet Explorer. Start with the account that is associated with the browser you most commonly use on that phone. This won’t eliminate the risk or threat of compromise, but it will help reduce the risk.
For information on remotely wiping specific phones visit the pages below:
- Remotely Wipe Android Phones and Tablets - This how-to guide will walk you through how to wipe your Android phone remotely using DriveStrike.
- Remotely Wipe iPhone, iPad, iOS - This how-to guide will walk you through how to wipe your iPhone remotely using DriveStrike.
If you did not have DriveStrike installed we are sorry to hear that your phone was stolen. Below are several things to consider as you move forward to protect your data on a phone that doesn’t have DriveStrike installed.
1. Did you have a strong password on the phone, and do you have user names and passwords saved in your internet browser on the phone?
If you didn’t have a strong password and you answered yes to storing user names and passwords in your phone browser, immediately go and change the passwords for all of your accounts and implement two-factor authentication wherever possible.
The first priority in resetting passwords is Google, Firefox, Microsoft Edge, and/or Internet Explorer. Start with the account that is associated with the browser you most commonly use on that phone. This won’t eliminate the risk or threat of compromise, but it will help reduce the risk.
2. Do you have any information regarding the phone: make, model, serial number, IMEI, UUID, applications that were installed on the phone?
If you don’t know some of the details, we recommend that you contact your cellular carrier and ask that they provide you with the details – they will have the serial number and IMEI. Your carrier can also disable the phone and ensure it cannot be used in the future. This will not protect the data, but it will make sure the phone can’t be used, and in many cases the carrier can issue a firmware lock preventing the device from being reused. You should file a police report as soon as possible.
3. Where was the phone stolen from and around what time?
If the phone was stolen from a location that has video cameras, you may be able to take your police report to the establishment and ask them to review video footage to see if the thief was captured on video, which should help the police in recovering your phone. Generally speaking, the police will not do this leg work for you, but if you can track down the information the police are obligated to act accordingly.
Start checking local pawn shops near the location the phone was stolen.
Search Craigslist and eBay for your make and model to see if the thief is selling your phone online.
4. Is there any confidential or sensitive information about customers, patients, or the company you work for on the phone?
If this is a company phone or if you access any company systems using this phone – immediately report the issue to your superior and to the company IT and compliance teams.
If there is sensitive information about other people on the phone then you may have an obligation to report the stolen phone as a data breach depending on the security measures you implemented prior to the phone being stolen.
5. You should go to your Google, Microsoft, Facebook, Twitter, and other accounts for applications you commonly used on that phone to see if the phone is logged in to any of those accounts, and also check whether they have captured the location of that user session. You may be able to use that information by providing it to local law enforcement. Do not use this information to confront the possible thief on your own – that is ill-advised.
There are a number of other things to consider, but they largely depend on how you answer the questions above. In order for us to remotely wipe or secure the device, we will need to install DriveStrike on the missing phone, which is very difficult but not impossible if we can entice the thief to install DriveStrike under the guise of a different name.
Please let us know if we can help you further. You can contact our help and support team any time.
DriveStrike is available for less than $1.00 per device per month when protecting multiple devices.
About Spearstone
Spearstone, 2008 Digital IQ award recipient for IT Security, is a software development company with enterprise customers that include Wells Fargo, Pearson Learning, Logitech, Spacelabs, Sony and RemedyMD. Spearstone’s DriveStrike product provides data breach protection for computers and smartphones, including remote wipe and mobile device management.