How to minimize the negative effect of mobile device loss or theft


Have you, like me, become inordinately obsessed with the security of your smartphone? And are you forever checking your pockets to make sure you haven’t left it behind in a coffee shop, your car, office, the airport lounge, the hotel you left for good three hours ago? It’s sad to admit, but too often I’m left panicking by my phone not being in the place I expect it to be.

What would happen if I lost it or someone stole it? Access to many of the services I use daily, both privately and for work, depends on my phone providing me with the second authentication factor. Not that I can’t find a way around that problem, but it will take time and effort and it will unwelcomely disrupt my everyday life for a few days.

But I’m actually more worried about the finder or thief breaking into my password-protected device and using it to gain access to all the files and sensitive information stored on it and in the various accounts/clouds. I extend a similar (if a bit less pronounced) worry to my other data-carrying mobile devices: my laptop and tablet.

What to do if it happens?

In some ways, losing a company-owned device might be easier on most of us than losing our personal smartphone or laptop. You report the incident to your IT or security department and they start doing damage control – wiping accounts, apps, data and the device itself – by following predefined protocols.

But when it comes to personal devices, it’s you who must make decisions and react quickly, especially if you made the critical mistake of not securing your device with a strong passphrase.

Changing passwords on important/sensitive accounts (e.g., email, PayPal), dissociating the device/mobile app from them, and remotely logging out of online sessions that you left running on the device seem like obvious first steps.

The next one should be remotely wiping all potentially sensitive data from the device.

If you’re fortunate enough that you save your files in Dropbox, you can safely remote wipe the lost device. Remote wipe removes access to your files from the device and your files continue to stay secure.

If you’ve totally given up on getting your device back, you can follow up with a full wipe of the device via the manufacturer (if they provide the capability) or via remote management software (if you have previously installed it).

Finally, you should consider reporting the loss or theft of the device to law enforcement and your wireless carrier (if the device is a phone). The latter can disable your mobile account so that the finder/thief can’t use it to make phone calls, send texts or surf the web on your dime.

Mitigation before the fact

It should be clear, by now, that a little forethought can help you minimize the negative effect of mobile device loss or theft and the stress that comes with it.

First and foremost, use a strong, difficult-to-guess password/passphrase to secure your device.

Consider whether you need all the apps (delete those you no longer use) and whether you need all the data and files you have on the device (delete anything that you no longer need). A regular clean-up can minimize the negative effect of device theft as well as that of device compromise (e.g., via malware such as Remote Access Trojans).

Instead of making your browser memorize your passwords, use a password manager and choose a strong, difficult-to-guess password to secure access to it. If you choose well, all your passwords will be safe even if the finder/thief finds a way to gain access to your device.

Disable auto sign-in for banking and other financial apps.

Limit the amount of sensitive information you put on the device. Seriously consider encrypting sensitive information that you have to keep and use on the device. Take advantage of the encryption features available on it or use third-party software solutions.

Do a regular backup of the content on the device. You can do it manually or make it so that the backup is performed automatically by the device itself at regular intervals (with the backup being stored in the cloud). Encrypt the backup.

It also might be a good idea to keep your online accounts as “clean” as possible: delete connected apps you no longer use and delete emails/private messages/information that you no longer need. If the thief manages to gain access to the device and, through it, to some of your accounts before you have had the chance to prevent this from happening, the less information those accounts hold, the better it is for you – and for your contacts.

Finally, you might also consider creating in advance a document containing information about your devices that could help law enforcement/your mobile carrier. It’s not that you can’t compile it after the incident has happened, but it might make reporting the loss/theft to them easier and faster.

Conclusion

I’ve had the good fortune of never having had any of my mobile devices stolen or lost but have witnessed first-hand the distress and problems such an incident can lead to.

While the cost of getting those devices replaced is definitely a factor, most people are more worried about losing control of the things that are on the device. Our mobile devices (and our smartphones especially) store, and can lead to, a great deal of sensitive information as well as data that’s important to us but wouldn’t be to anyone else.

Making sure that we can keep it all as secure as possible should be a no-brainer.

This is a sponsored post for Dropbox. All opinions are my own.