How Data Loss from Lost, Stolen Devices?

Data Loss from Lost, Stolen Devices is a particular issue that is exuberated by how users use such devices. 

Why Data Loss Threat is high?

According to a survey of 4 of 3000 consumers conducted by McAfee in early 2021, it was found that a third of consumers surveyed fail to protect their mobile, tablet with a personal identification number.

In 2021, Transport for London (TfL) responded to a Freedom of Information request confirming that a total of 19,833 mobile phones were handed into its lost property department, with 4308 claimed by their owners, For tablets, there were 506 handed in, with 290 reclaimed by their owners.

This of course was only those devices handed into the TfL and is a very small number compared with those mobile devices that actually go missing. 

In London, the Metropolitan Police estimate that up to 10,000 mobile phones are stolen every month, which when combined with those not stolen, but that are simply lost (there will likely be some overlap), the amount of data that go missing each year across the globe will likely be significant. 

This of course justifies the decision to rank this particular threat as the highest. Particularly, a third of these users are unlikely to have any form of security controls protecting the device. 

Not having any form of security controls will likely result in unauthorized attempts to access the data/applications on the device. 

In the Symantec Smartphone Honeystick project, smartphones were released (as lost), and in almost all instances, attempts were made to access data on the device:

1. About 83% had attempted to access business apps
2. About 89% had attempted to access personal apps
3. About 96% had attempted to access at least some type of data
4. About 50% of finders contacted the owner and offered to help return the phone

Although many organizations are likely to have some form of a mobile management solution to manage mobile devices commissioned by them directly, there will be many more personal devices owned and managed by the employee. 

These are unlikely to have any form of security controls (based on the McAfee research this seems a fairly safe assumption), and should employees use such devices to store corporate data whether under the approval of their employer or not, then the loss of device will be nowhere as significant as the data getting into the wrong hands. 

In addition, the combination of these employee devices storing corporate data, and users installing apps with impunity, there is the risk with regards to the level of access such apps have to contacts, private pictures, social networking, Webmail, and passwords.

17 proven ways to prevent Data Loss from Lost, Stolen Devices

1. On-Device Encryption
2. Setting complex Password
3. Two-Step Verification
4. Find My Device
5. Advanced device Security Settings
6. Fingerprint Unlock
7. On-Body Detection
8. Trusted Places
9. Trusted Face Recognition
10. Trusted Voice
11. Physical Security Key
12. Disable Smart Lock and Auto Sign-In
13. Disable Bluetooth Connectivity
14. Use a Password Manager
15. Use a VPN
16. Use an Authenticator App
17. Enter Lockdown Mode

7 additional steps to help enhance your device security

The below steps are defined by NortonLifeLock Inc.

Step 1: Read all app requirements before installing an app

Before downloading an app, read its permission list. This shows what parts of your device the app wants to access. In addition to understanding what the app wants to access in your device, always check out the privacy policy. What kind of data does the app want to collect and, if it plans on keeping that information, how will it be stored and secured? And what will the app developer do with the information. Some apps sell info to third-party marketers.

Step 2: Ask, “Is the app reasonable?”

Once you have reviewed the app’s permission list, consider the app’s requests. Do they seem reasonable for the app’s purpose? For instance, does a game app really need to access your contacts? If so, what’s the reasoning? Does the game use social sharing? Otherwise, you may not be comfortable allowing this level of access to your personal information.

Step 3: Check the apps installed on your device

Review the apps already installed on your phone and check for excessive permission requests or settings.

To see the permissions given to an application after it’s already been installed: The below steps for devices only.

1. Open your devices’ main Settings app.
2. Depending on your device model, tap on Apps or Application Manager.
3. Select an app.
4. Scroll down to “Permissions.”

Step 4: Uninstall unneeded apps

If you haven’t used an app in a while, uninstall it. This cleaning will keep you up-to-date to avoid any unnecessary risks while making more room on your phone.

Step 5: Never open unsolicited emails or attachments

Email is another point of access for malware. Consider this: You receive an email from a sender who looks like your friend. She has included an attachment that looks enticing. You open it, and guess what? It’s actually from a cybercriminal and you just downloaded malware onto your phone.

Step 6: Stay up-to-date with the latest security patches

Updating your device with the latest software updates and security patches is essential to keeping your device safe and secure. These fixes can help protect against security flaws hackers could exploit to find their way in.

Step 6: Stay up-to-date with the latest security patches

Updating your device with the latest software updates and security patches is essential to keeping your device safe and secure. These fixes can help protect against security flaws hackers could exploit to find their way in.