What to do when your mobile device is missing or stolen
For more tips and how-to’s, visit our tech blog
Whether you’ve lost a phone in an Uber or need to find a missing laptop, few things invoke instant panic like our favourite and most vital technology going missing. These devices are with us for a good part of our lives, and the data held on them includes files, personal financials, apps, passwords, pictures, videos, and so much more.
Your digital footprint is often more important than cash in your wallet. The data on these devices and their access to cloud storage or websites being in the hands of a stranger is quite scary.
There are approximately 70 million lost smartphones every year. The owners only recover about 7% of them. The workplace is where 52% of stolen devices go missing.
In 2020, Lifespan Health System paid a $1,040,000 HIPAA fine. This was due to an unencrypted stolen laptop breach.
If it’s a work laptop or smartphone that goes missing, even worse. This can mean the company is subject to a data privacy violation. It could also suffer a ransomware attack originating from that stolen device.
The Minutes after the loss of your device are critical
Depending on if the lost device is for business or personal use, the information on it could be misused at any time so the minutes after discovering it’s lost are crucial to locking down as much access as possible.
Your first priority will be to Lock the device, then report the device missing (or stolen) if it’s for business use, then – depending on severity – revoke access or wipe data remotely.
Steps to take immediately after losing your device
Take a deep breath. Anything you can lock down now will help overall, and the more risk you mitigate for a breach of personal or business information.
Here are steps you should take immediately after the device is missing.
Lock the device
Most mobile devices and laptops will include a “lock my device” feature. It allows for remote activation if you have enabled it. You will also need to enable “location services.” While good thieves may be able to crack a passcode, turning that on immediately can slow them down.
Apple/iPhone device lock on iCloud.com/find, Android/Google device lock on android.com/find, Windows device lock on Microsoft Find My Devices. More info on these below.
Report the device missing or stolen to your company if it’s used for work
If you use the device for business, notify your company immediately. Even if all you do is get work email on a personal smartphone, it still counts. Many companies use an endpoint device manager. In this case, access to the company network can be immediately revoked on the missing device.
Reporting your device missing immediately can allow your company to act fast. This can often mitigate the risk of a data breach, which will be much worse than the risk of a disappointed manager.
Log out & Revoke access to cloud storage
It’s very important to include cloud storage applications when you revoke access. Is your missing device syncing with a cloud storage platform? If so, the criminal can exploit that connection. They could upload a malware file that infects the entire storage system. They could also reset your device to resell it, and in the process delete files from cloud storage.
Depending on what service you / your company uses, (Dropbox, SharePoint, Google Drive, etc.) log in to your account from a secure device and log yourself out at all other locations under Account Settings.
Active a "Wipe my device" feature
Hopefully, you are backing up all your devices. This ensures you have a copy of all your files in the case of a lost device.
Does it look like the device is not simply misplaced, but rather stolen or lost for good? If so, then you should use a remote “wipe my device” feature if it has been set up. This will wipe the hard drive of data. See below methods for locating lost devices and locking or wiping them.
What about "Find my device" features?
In your phone or laptop settings, depending on manufacturer, there is usually a “Find my device” feature.
While you may not want to come face-to-face with a criminal, this can be useful to determine if the device has been stolen or simply misplaced. Below are instructions to locate your missing devices.
Health IT does not encourage vigilante behaviour!
Find My iPhone: Go to iCloud.com/find and enter your iCloud login username and password. If you try signing in to iCloud.com the normal way, it may prompt on the lost device for 2-Factor Authentication with your current location, which you may want to avoid.
iPhone Lost Mode: When in the Find my iPhone screen, choose your device from the dropdown at the top and click on ‘Lost Mode’ in the info popup. You’ll get an email to your iCloud email address to set a message on the device to return it, and any credit card services are suspended on the device. You can also see any updates to device location.
Find My Android: If you have your Google Account connected to your Android phone, use the Google Find My Device page. Select the phone from the dropdown at the top of the screen. The lost phone will get a notification. You will now be able to lock the phone with a passcode/pattern, or erase all data on the device.
GMail & Google Drive: If your device has signed into Google via GMail or the YouTube app, you can track its activity in the Google Account screen. Navigate to Security and click ‘Find a lost device‘. You’ll then be able to select the device you’ve lost and try calling it or signing out of your Google account on that device.
Windows Devices: You’ll need to turn on Find My Device first, by going to Start > Settings > Update & Security > Find My Device.
Once enabled, you can go to the Microsoft Devices web page and sign in. From here click ‘Find My Devices‘ and select the device you want to find. From the map, you can choose to Lock the device.
Consider what types of information your device holds
When a criminal gets their hands on a smartphone, tablet, or laptop, they have access to a treasure trove. This includes:
- Documents
- Photos & videos
- Access to any logged-in app accounts on the device
- Passwords stored in a browser
- Cloud storage access through a syncing account
- Emails
- Text messages
- Multi-factor authentication prompts that come via SMS
- And more
It’s absolutely vital to lock down anything you can, and be aware of any loose ends that may lead to further damage.
Need mobile security?
If you’re already a Health IT client, you’ll know how serious we are about security. If you’re new to our ecosystem, reach out and see how your devices stack up!
Article used with permission from The Technology Press.
Resources
Health IT provides free online security training to our clients and safety resources for download from our website.
To ensure your staff are keeping patient data secure, arrange a security audit by getting in touch today.
For more info and articles, visit our Tech Blog.
Safety cards
Printable safety cards Download and print email safety cards to pin up around your practice.The tips listed are a great...
Multi Factor Authentication (MFA / 2FA / Duo)
Take your security to the next layer Small companies make up 71% of all data breaches, and of that group...