I recall the first time I lost my wallet. I had gone to 7-11 after football practice and left my green Velcro wallet on the counter. I was home before I had realized my mistake. Back to the store I ran, but the clerk hadn’t seen my wallet. My friend suggested we walk through the parking lot before we left, and sure enough, I found it laying off to the side of the lot. My license and student ID were still there, but the cash for my Mountain Dew addiction was gone.
Today, most of us still carry wallets or purses around, but the most private information is often found on our phones. Losing a wallet is no fun, but credit cards can be cancelled and replaced within a few days. You might be out a few bucks too. But it usually pales in comparison to the damage a thief can do with the information stored on your phone.
Recently, I changed the 4-digit PIN on my iPhone. I also reminded my spouse and my daughter to do the same, and I was feeling pretty good about myself. But then I began going through apps on my phone such as Gmail and Dropbox, which do not ask for a password. A thief could learn a lot about me with access to these two apps. But I wasn’t too concerned until I opened Evernote and realized the sheer amount of personal information I had stored there over the years. That’s when I began to consider how I could better secure my phone, and what I would do if it were stolen.
The challenge of securing mobile devices doesn’t end with the consumer. Companies expect their employees to be productive while away from the office, and put phones in the hands of even their most junior employees today. These phones have access to a myriad of corporate services and information that could prove damaging in the wrong hands. A company’s product road map, marketing plans, and financial data are often shared among employees and across many devices including phones.
Securing computer devices has been a constant challenge for IT professionals, even when employees performed their jobs while sitting at desktop PC, in an office, or on a secure network. Laptops added to the complexity, but could often be secured using many of the security tools used on desktops.
Then phones and tablets arrived running Android or iOS, and the challenges for securing these devices and their data multiplied exponentially. So what can be done to secure our phones? Let’s take a look at some best practices.
Rule #1: Use a PIN
According to a study conducted by Confident Technologies, 44% don’t use a PIN because it’s “too much of a hassle.” And yet this same study found that 65% of users have corporate data on their phones. Having a PIN on your phone is akin to locking the doors on your home. It won’t keep out the determined burglar, but it may encourage the casual thief to select an easier victim. Any phone with access to corporate information should be required to use a PIN.
Rule #2: Enable Auto-Lock
Once you have a PIN, set your phone to auto-lock itself after one or two minutes of inactivity. It might feel a bit inconvenient at first. But keep in mind that a little inconvenience on your part is also making it very inconvenient for someone trying to break into your phone.
Rule #3: Install Security Software
If your employer issued your phone, you may already have software on your phone that works to catch viruses and malware. For Android, IT has a number of choices that include Avast, McAfee, and Kaspersky, but there are also a number of apps available in the Google Play store that promise to protect your phone such as ESET that provide antivirus protection, but also includes a anti-theft features such as remote lock and GPS tracking.
You might have noticed the dearth of similar apps for iPhone which has a lot to do with how each mobile OS handles security. In short, Google provides apps a wider array of access to your phone while Apple restricts such interaction to a great degree. Apple believes their approach results in a more secure device, and as such, has only recently approved a handful of antivirus apps in their App Store.
What if you’ve lost your phone? First, call your phone. Assuming someone didn’t intentionally take it, somebody may answer and work to return it. If nobody answers, send a text to your phone with a short message that you’ve lost your phone and include a phone number where you can be reached.
If you can’t reach anyone by calling or texting, try using location services to track its location. Android users can track their phone by using the Android Device Manager while iPhone users must have Find My iPhone installed. These two services can also remotely wipe your phone as a last resort.
If that fails, it’s best to begin changing the passwords to your most vulnerable accounts. This would include email, Dropbox, Facebook as well as your bank accounts. Once you’ve done that, call your phone company to report your phone as stolen and have them deactivate your account. Lastly, report the incident to your local police department.
Losing your phone can be painful. But taking a few steps beforehand, can help reduce access to private information and hopefully return it back to its rightful owner.
Top photo credit: Wikimedia