Mobile phone theft: Securing your data with proactive measures 

Blog
Written By Morten Peachey

Mobile phone theft has been on the rise in recent years, with the Met Police reporting that a device is stolen every six minutes in London. We’ve had clients experiencing iPhones being snatched from their hands by thieves on electric bikes and mopeds across London, from Mayfair to the City, disappearing into the distance with the device never to be seen again.  

The consequences can be devastating, especially if your PIN code or password has been entered or observed beforehand. This could grant thieves unfettered access to everything on your device, including sensitive photos, mobile banking apps, corporate data and social media accounts, on top of the trauma of the incident itself.  

Given that a stolen device is likely gone forever, it is crucial to be prepared to respond to such incidents and take steps to minimise the likelihood and impact of theft.  

This blog discusses some proactive precautions you can take to reduce the impact of such compromises for you and your family devices, as well as what to do in the event of theft. Taking these actions today will give you the confidence that if your phone is stolen, you have limited the access to your most sensitive information.  

Proactive data security measures 

  1. Update theft protection settings: For iPhone users, enable Stolen Device Protection. This feature adds extra security requirements when your iPhone is away from familiar locations like your home or workplace. Even if someone has seen your passcode, this feature will enforce Face ID or biometric authentication to access stored passwords and credit cards.    

    In addition, activate Security Delay. Enabling this will prevent certain privileged security actions, such as changing your apple account password for an hour and will also request a second Face ID or Touch ID authentication to prevent unauthorised changes to your Apple account.  

  2. Enable Find My: Use this or a similar service beforehand as it can’t be enabled retrospectively after the device is lost or stolen.  

  3. Review and update your account information: Log in to your device account portal and review the email and phone numbers associated with your account, account recovery methods and ensure your password hasn’t been changed.    

  4. Use strong authentication: Ensure your device has a strong passcode of at least six characters that it is not easy to guess. Better still, use a long alphanumeric passcode. It doesn’t have to be complex; using three random words can be effective. With Face ID and Touch ID, you won’t need to input it regularly, so it shouldn’t be a burden. Also, be mindful when inputting your passcode on the go, to prevent shoulder surfing attacks.  

  5. Backup your device: Ensure that you have automatic backups enabled to reduce the time needed to get back up and running if your device is lost or stolen. This should include not only the Operating System but also other applications, such as Instant Messaging apps.  

  6. Enable Multi Factor Authentication (MFA): Set up MFA on all accounts that support it, weighing up the pros and cons of each type. Often, the same lost or stolen device is used in MFA verification via an authenticator app, or through SMS. Consider adjusting your MFA choices to help with restoring access to services following the theft or loss of a device to include: 

    • A FIDO2 key that is separate from your mobile device where possible 

    • Backup Authenticator applications on alternative devices 

    • Reducing SMS based MFA 

  7. Disable previews: Most devices have an option to restrict notifications so that message previews are not visible until the device is unlocked. Enabling this will reduce the information available to attackers.  

  8. Record your IMEI number:  Dial *#06# on your mobile device to identify the device’s IMEI number. This can be useful when reporting the stolen device to local authorities. 

After a device has been stolen  

  1. Mark as lost: If your mobile device is lost or stolen, immediately put it in Lost Mode to lock it from a connected device. Most mobile device vendors do not require you to log in from a trusted device to mark it as lost. Even if someone has your device password, with Stolen Device Protection enabled, Face ID or Touch ID is required to turn off in Lost Mode

  2. Report: Report your SIM card and device as lost or stolen to your mobile network operator and local authorities as soon as possible. Using an eSIM in preference to a physical SIM may reduce the time taken to restore service after the theft or loss of a device.  In addition, contact your bank to disable payment methods linked to your phone.

  3. Erase your data: If your device is stolen, it is statistically unlikely to be recovered. With Find My enabled, initiating a remote wipe is a sensible step. Although a remote wipe may not always succeed if the device is turned off immediately, it is still worth attempting. Do not remove the device from Find My, as this removes the activation lock, making it easier for a thief to unlock and resell your device. Removing your device from Find My can also complicate device care plans that include Theft and Loss coverage. 

About the author  

Morten Peachey is coc00n’s Chief Information Security Officer. He spent nearly 10 years working for the UK's National Cyber Security Centre working on Zero Trust Architecture principles and facilitating secure working in high threat locations.  

coc00n's unique mobile device protection secures phones, tablets and laptops against cyber attacks without any restriction on usability. Get in touch to find out more.  

Morten Peachey
Next

Family cybersecurity: 5 tips for keeping family devices secure