Lost Or Stolen Smartphone? What Do You Do?

Thursday, February 2nd, 2012 John Gallagher, Sr. Public Relations Manager

Several years ago, a colleague of mine had her smartphone stolen out of her room in Las Vegas. It didn’t stay in Vegas, in fact it was recovered by hotel security three days later – a hotel maid was dealing in stolen phones. But by that time she had already contacted IT, and a replacement smartphone was on its way.

Ah the days of corporate provisioned smartphones.

In the era of “Bring Your Own Device,” it is hard to know what to do when your personally-owned smartphone is lost or stolen. And this happens more than you may think, in fact in the Q4 iPass Mobile Workforce Report we found that 16 percent of mobile employees have had a smartphone lost or stolen.

So what do you do? To answer that question I sat down with our resident security guru Chris Witeck.

If it is a personally owned device he recommends that you contact your carrier right away, and if it has any business data on it (including email) then call your IT help desk as well. Your IT help desk may be able to remote wipe your phone, or disable your Microsoft Exchange account so that thieves won’t be able to break in. And if you recover your smartphone later hidden between the seats of your car, your wiped data can be easily recovered.

Time is of the essence though. Chris told me that many criminals will take the battery out to prevent remote wipe, and use a room without mobile access to break into the phone. When you consider all of the valuable information that you may store on your smartphone, like credit card information and passwords – it is important to act fast.

However, the first time we think about our smartphone security shouldn’t be after an incident. Chris recommends that you be prepared.

For IT:

1. Enforce a strong password policy, and make sure your employees can’t leave their smartphones unlocked.
2. Consider two-factor authentication, something the user knows combined with something the user has like a USB token or a smartcard.
3. Ensure corporate data is encrypted.
4. Enable device wipe capabilities whether it is a company-provisioned device or a personally-owned device.

For the user:

1. Password protect your device, and make sure that it locks after five to 10 minutes.
2. Password protect your password note page.  With so much data and access in the cloud, I know I have more passwords than I can remember. Chris told me that many people use their notes program on their smartphone to store passwords. If you are going to do this, you should password protect the note. Simple enough.
3. Invest in a “find a device” tool like the find my iPhone tool part of iCloud, or third party tools such as Whereismycellphone, BlueRetriever, Lookout or iTag. That way you can determine if your device was stolen, or just lost.
4. Respond quickly when your device goes missing.