Few things invoke instant panic like a missing smartphone or laptop. These devices hold a good part of our lives, including files, personal financials, apps, passwords, pictures, videos, and more. The information they store is likely more extensive and private than even what is in your wallet. It's often not the device that is the biggest concern; it's the data on the device and access the device has to cloud accounts and websites. The thought of that being in the hands of a criminal is quite scary. There are approximately 70 million lost smartphones every year, and the owners only recover about 7% of them. The office is where 52% of stolen devices go missing. It is even worse if it is a work laptop or smartphone that goes missing. That can mean the company is subject to a data privacy violation, or it could suffer a ransomware attack originating from that stolen device.
In 2020, Lifespan Health System paid a $1,040,000 HIPAA fine. This was due to an unencrypted stolen laptop breach.
What Types of Information Does Your Device Hold?
When criminals get their hands on a smartphone, tablet, or laptop, they have access to a treasure trove of personal data. This includes:
- Documents
- Photos & videos
- Access to any logged-in app accounts on the device
- Passwords stored in a browser
- Cloud storage access through a syncing account
- Emails
- Text messages
- Multi-factor authentication prompts that come via SMS
- And more
The Minutes After the Loss of Your Device Are Critical
What you do immediately after you notice a device is missing is critical. This is the case whether it's a personal or business device. The faster you act, the less chance there is for exposure of sensitive data. Here are steps you should take immediately after the device is missing.
Activate a "Lock My Device" Feature
Many mobile devices and laptops will include a "lock my device" feature that can be activated remotely if enabled. While advanced thieves may be able to crack a passcode, turning that on immediately can slow them down. There is usually also a "find my device" feature available in the same setting area. Only use this to locate your device if you feel it's misplaced but not stolen. You don't want to end up face-to-face with criminals!
Report the Device Missing to Your Company If It's Used for Work
If you use the device for business, notify your company immediately. Even if all you do is get work email on a personal smartphone, it still counts. Many companies use an endpoint device manager; in this case, access to the company network can be immediately revoked. Reporting your device missing immediately can allow your company to act fast, which can further mitigate the risk of a data breach.
Log Out & Revoke Access to SaaS Tools
Most mobile devices have persistent logins to SaaS tools like Microsoft 365, Trello, Salesforce, etc. Use another device to log into your account through a web application, then go to the authorized device area of your account settings. Locate the missing device, and log it out of the service. Additionally, you should revoke access if this is an option. This disconnects the device from your account, so the thief can't gain access.
Log Out & Revoke Access to Cloud Storage
It's vital to include cloud storage applications when you revoke access. Is your missing device syncing with a cloud storage platform? If so, the criminal can exploit that connection. They could upload a malware file that infects the entire storage system or reset your device to resell it and, in the process, delete files from cloud storage.
Active a "Wipe My Device" Feature
Hopefully, you are backing up all your devices, so you have a copy of all your files in the case of a lost device. If so, then one surefire option you have in the event of a stolen device is to use a remote "wipe my device" feature if it has been set up. This will wipe the hard drive of data removing any personal data from it, so even if a criminal is able to crack it, they won't be able to gain anything from doing so.