Though there’s been a lot of talk around safeguarding a mobile phone or Smartphone from the latest malware threats, it certainly appears as though many users are slow to pick up on the potential security risk involved if a handset is lost or stolen. The wide range of information stored on a handheld means that there’s plenty of potentially dangerous and sensitive data that could be manipulated for malicious purposes, and it needs to be emphasised that a similar amount of care should be taken with a handset as with a wallet, purse or house keys.
However, a recent national survey carried out on behalf of SecurEnvoy suggests that it doesn’t usually take long for someone to realise that a phone is missing, which could indicate that the general public are gradually becoming aware of the potential risk involved.
The survey covered almost 2,000 people and turned up some interesting figures.
- 40% of men would notice a phone was missing within 15 minutes, compared to 29% of women.
- Younger users were more likely to notice a phone has gone missing almost immediately – 28% of 18-24 year olds claimed they would do so in under 5 minutes, compared to 12% of those aged over 55.
- Just 3% of men and 6% of women said it would take an entire day to notice a phone was missing, though 13% of men and 16% of women claimed it would take “a few hours”.
Responding to the results of the survey, Steve Watts, Co-founder of SecurEnvoy commented “What these figures suggest is that mobile phones have become part of the national psyche, with people carrying them around much in the same way as they carry their wallets and purses, they have almost become our second skin. The clear trend is that the younger a person is - and the more steeped in the digital culture they are - the more use and awareness they have of their mobile handset, resulting in mental alarm bells ringing if they find their prize possession missing, for whatever reason.”
What’s stored on your phone?
While younger users, who may also more typically take advantage of the more advanced features of mobiles, appear to be more in-tune with the potential risk involved in loss or theft, not everyone may be aware of the sorts of data stored on a handheld, and what it might mean if this were to make its way into the wrong hands.
Typically you could expect any or all of the following to be accessible to a third party, depending on what a phone is used for and its capabilities.
Text messages, emails and other correspondence – while in many cases there won’t be anything particularly sensitive stored in a message or email folder, on occasion these could include passwords and login details for websites, registration codes for services or simply personal information that you wouldn’t want read by a third party. In addition, a phone could contain login details for mail accounts that would allow someone full access to all mails sent and received.
Contacts and appointments – again, there may be nothing of particular concern here, but losing contacts and appointments, particular if a phone is being regularly used as a “diary” could involved significant inconvenience until these are retrieved.
Website login details and passwords – many modern web browsers allow you to automatically store login details and passwords for easy access to a site at a later time. It goes without saying that without proper protection, a third party could also find it very easy to access personal accounts and online merchants.
Bank account and credit card details - in a similar fashion, your phone may contain bank account login details, along with credit card information and more if it has been used to perform transactions online.
General data and documents – sensitive documents stored on a phone could potentially be accessed by a third party, and this would be of particular concern to business users. In addition, photos, videos and other content that may be difficult or impossible to replace could cause significant inconvenience.
It’s also important to bear in mind that the wealth of data stored on a mobile phone is only set to increase. With a typical device becoming ever-more capable of simplifying tasks by offering features such as contactless payment (http://www.bullguard.com/bullguard-security-center/security-articles/near-field-communication---pay-by-waving.aspx), replacing locks and keys and handling ATM transactions and travel permits (http://www.bullguard.com/bullguard-security-center/security-articles/airport-check-in-and-atm-cash-withdrawal-%E2%80%93-all-via-your-mobile-phone.aspx) the importance of safeguarding a device will only increase.
Steve Watts confirms “Users are clearly using their mobile phones as a multi-functional device. The range of features on today's smartphones, driven by apps and other non-voice facilities, means that it won't be long before we start using the mobile phone for an ever-increasing range of services. The time will come when we will open our cars, access our front doors and office premises, all using our mobiles. We are only just beginning to scratch the surface of multiple functions, largely owing to the immense flexibility that the modern cellular handset now offers people of all ages and classes,"
While all of this sounds rather concerning, it’s essential that the mobile industry move to safeguard consumers so that these conveniences and benefits can be enjoyed without fearing that a lost or stolen phone could put users at risk. The first thing that should be considered, and that will also safeguard against infection by malware designed to steal data remotely, is investment in a modern security suite that’s designed to counter these risks. If you don’t have a security suite installed, or aren’t in a position to access it in order to safeguard a phone, there are a number of general tips to bear in mind in the event that a phone can’t be found.
Preparing for loss or theft – pre-emptive measures
Adopting safe practice when using a mobile is an important consideration. This is especially prevalent if, as a user, you’ll be travelling a lot with a handset, consider yourself likely to potentially misplace a phone or are working with a lot of sensitive data. Here are some things you can do to make sure that it’s as difficult as possible for someone to gain access to your device:
Where’s your phone? The most obvious safeguard is to make sure you know where a phone is at all times. Make a habit of keeping a phone in a pocket or bag rather than leaving it on a table in public places, keep it about your person at all times when out of the house and use a vibrate alert so that a recognisable ring tone doesn’t indicate to a potential thief that you may be using the latest model.
Set up a PIN and/or keylock on a phone. This can be done to both protect the handset when it is unlocked, and to protect the SIM card to prevent someone from removing it and using it with another handset, thereby accessing stored data and potentially running up a huge bill.
Use encryption to protect sensitive data. Particularly relevant to Smartphone users, most platforms have access to a number of applications can that be used to encrypt sensitive data or specific folders on a device, requiring a secure password before these files can be viewed or modified.
Make sure important data is backed up. This can include contacts, text messages, appointments, emails and other data stored on a phone that would be awkward to replace if it was lost or stolen. Even if you don’t consider yourself at risk due to any potentially sensitive information that may be accessed by a third party, one of the biggest annoyances when losing a phone is to having to replace this data when a new mobile is up and running. While modern security suites can help with this, most proprietary software provided with a phone is also capable of backing up key information to a computer.
Consider insurance: Mobile phone companies are always eager to sell insurance with phones, which can help cover the cost of any calls made since the device has left your hands as well as the expense of a replacement handset. However, before considering dedicated insurance with a company or provider, check to see if your home insurance covers accidental damage, loss or theft of a mobile – it’s often cheaper to get this included on an annual premium rather than pay a monthly fee. In addition, many banks now offer accounts that include mobile phone insurance along with other benefits, and this may again work out to be a more effective option.
Make a note of your IMEI and serial number. This may not be essential but can aid in tracing and retrieving a phone, and may be requested by the police when it is reported stolen. An IMEI number can be found by entering *#06# into the dial screen of a handset, and the serial number can usually be located under the battery compartment. If in any doubt, your service provider should be able to help you find these details.
What to do if a phone is lost or stolen?
Call the phone! This may sound obvious but often if a phone has been misplaced it may have been left with an authority in that location or the noise of the phone ringing may alert someone to its whereabouts. This is always a good first step to help make sure that a phone can’t be easily found, and in addition, if the call goes straight to answerphone (provided it has sufficient battery) this is a good indication that it is being used or has been turned off by a third party.
File a report: Assuming you’re not in a position to remotely lock, locate or wipe a phone (though some modern security suites do offer these features), the first thing to do when a phone is lost or presumed stolen is to call your service provider. They will be able to disable the phone remotely to prevent anyone from making calls from the device, and in most cases accessing any of the key features. In addition, phones enabled with GPS can be located remotely, potentially aiding in the device’s retrieval.
Report to the police: If you suspect a phone has been stolen, file a report with the police to retrieve a crime reference number – this could be essential in ensuring that you can get the full price of the handset reimbursed by an insurance company.
Consider what’s stored on the phone: If you presume a phone stolen, a good reactionary measure is to change passwords for any particularly sensitive accounts that you may have accessed from the device, especially if you consider that passwords and login details may be stored there. Consider the most vital resources, such as online banks, merchants and other web pages that may store personal or financial details and change your password as soon as possible to ensure that they will not be accessible to a third party.
Be prepared: Lastly, it’s important to realise that the sooner you react to a lost or stolen phone (much like as you would with a credit card), the lower the chance of it being used for unwanted gain. Keep a copy of important numbers – such as the customer service centre for your provider and even local police – about your person so that you are in a position to contact them as soon as possible. In most cases it’s better to be safe than sorry, and if a phone does turn up it can then be re-enabled once your identity has been confirmed by your provider.
The industry is moving quickly to address recent concerns surrounding mobile phone security, and a dedicated suite of tools designed to safeguard a handheld is becoming evermore important. By adopting these safe practices and increasing awareness of the type of threat that may be posed to users however, you can ensure that you are well prepared for potential loss or theft and don’t have to suffer the financial consequences and inconvenience involved in replacing or retrieving such a device.