Protect Your Mobile Devices - Six Lessons Learned From A Stolen Phone Adventure
What do you call someone who saw an iPhone being stolen?
An iWitness.
My husband and I were in Ireland in September. It was a wonderful occasion; my bestie's daughter got married, some of our closest friends were there, and the weather was unseasonably glorious (my bestie mocks me for using the word glorious so that one is for her). The only downsides to the trip were the driving (it is genuinely terrifying to drive in Ireland) and Jeff’s phone getting stolen. We lived through both traumas, but I have some thoughts to share with you to get out ahead of losing your device or having it lifted.
My husband always has his phone, freeing me up from mine when I am not working. He does the heavy lifting of communicating with our family and friends, taking the photos that form the story of our lives and Google mapping where we are headed. Having his phone stolen was a wee bit of an eye-opener for security and backup measures.
Everyone's phone quite literally has their lives on it: from precious pics, conversations we treasure, banking and social media - the list of apps we use is sprawling. And the more apps we use, the more we open ourselves up to nefarity (I made that word up, of course; fun, though, right?).
The number one piece of advice is to act on my suggestions now.
Some of these actions you can’t take after the phone is stolen or lost, and you will be sorry then.
We should all have undertaken these first few bits of advice, so I’m simply stating the obvious and not giving step-by-step directions here. You can quickly Google them; I’ll save you the reading of what you may already know and have done.
Lock your devices.
I’m not convinced sophisticated thieves couldn't unlock your device to access apps, but petty thieves and those acting out of opportunity likely can’t.
Use unique lock codes for every device
Turn on find mode for your devices.
Turn on the capability to wipe your devices clean.
Know how to identify your device.
I haven’t done this, truth be told, but I’m going to this weekend.
Your device has a serial number and an IMEI or International Mobile Equipment Identity
The serial number comes from the manufacturer, and IMEI numbers are standard across the industry
Keep a record of these; perhaps take screenshots and store them somewhere accessible from anywhere, so you have them if your mobile is stolen/lost
Back up your devices and your apps.
Lucky for us, this is something Jeff did; his photos are precious to him.
He used Google apps for this, but the iPhone makes it seamless with iCloud storage
Know your passwords and turn on 2FA for your apps!
And make them impenetrable, especially the one to open your password manager app!
We use a password manager app so we could change the password on most of his apps quickly
Still, there was a lesson (see below) on SMS 2FA
Interestingly, I know a few folks who think locking their phones qualifies as 2FA, which, of course, it doesn’t. You are simply locking others out of your device, not out of apps, which can be accessed in ways other than your phone.
Total random bit of knowledge.
Having a paid Google Workspace for Jeff’s business was magic to reset the password using the Admin Console
His free Google account for personal use was somewhat messy to reset
Here are two other security measures, not related to loss and theft but important all the same.
Turn off Bluetooth when you don’t need to be connected to a device so others can’t connect their devices to yours
Turn off the hotspot when you are not using it to power the internet on other devices (laptop, iPad), so people can’t connect to your hotspot
Which should have a strong password, but all the same, it's to better err on the side of caution
Side note: I never connect to public wifi on my devices (iPad, laptop…); I always hotspot to them using my phone
What did we learn that I hope you don’t have to?
Whether you have locked your device securely or not, an abundance of caution should be exercised if your phone has been stolen or lost. I tried so hard to figure out if thieves could unlock phones; the info out there is murky but led us to believe this was possible, so we assumed they could and acted accordingly.
Lesson One:
The same thing that everyone learns and is frustrated by with telecoms - you have to jump through hoops, wait on hold, get transferred, and often only contact someone during time-zone-dependent business hours to get help with security issues - while standing on one foot and offering up your favourite pet...
The very first thing we wanted to do - to shelter his contacts and protect ourselves from outrageous cell charges - was suspend his service and SIM
Cell companies really don’t want you to do that; they want a human to talk you out of discontinuing services
So, this was a very frustrating and time-consuming endeavour for us
Just let us disable our effing’ SIM card or put our service on hold all by ourselves. There’s this thing called online self-serve that the very companies who provide it won’t let their customers use.
Lesson Two:
Know what apps you have on your device and how to disable them remotely.
Know their passwords so that you can disable access quickly, but ensure they are strong in the first place.
Back to harping about a password manager app… that has a strong password…
Many apps automatically log out on all devices when you change a password - this was great news for us
For some apps, you need to go into settings and set up to log out of all devices when a password changes - do this now, not later
For apps that don’t auto-logout, you can go into various settings to view what devices the app is active on and disable access
Lesson Three:
SMS 2FA codes often come to a phone.
Sometimes, you can’t change your passwords - even if you know your current password since they send you a code - to the very phone you don’t have…
Many apps allow for multiple ways of sending 2FA codes, such as a few different SMS numbers, emails and authenticators (use ones that can be on multiple devices - Authy & Google Authenticator - or download the data often so you can transfer to another device)
Enable them wherever possible
Or set up SMS codes to come into a VOIP system, or a close friend/family member's/travelling companion’s phone
Store your backup codes when you set up 2FA, so you can access them as an alternative to SMS 2FA
Lesson three is very complicated as 2FA is critical, but security needs to be balanced with access and convenience. We are still working the kinks out of this lesson.
Lesson three is for personal apps - your team’s business ones, I would trust, aren’t relying solely on their personal cells receiving text codes for managing your business’s apps.
Sort-of-off-the-stolen-phone-security-topic on receiving 2FA: using SMS is convenient, but the information is being sent, so just like receiving the codes by email, they can be intercepted, and they are susceptible to social-engineering based scams.
Lesson Four:
Limit your apps to what you truly need.
This is great to tame app sprawl in general but significant in the event of a theft.
Jeff only had Instagram on his mobile; he doesn’t really visit the other socials, and when he does, it’s on his Macbook, so he doesn’t have the apps for them
He also didn’t have banking apps, shopping apps (like Amazon) or anything associated with bank/credit cards - shopping, that’s my domain :-}
Most of us will have banking apps - I use this example only to illustrate that he didn’t have apps he didn’t use
Sort of related - if you absolutely don’t need payment information stored in an app, don’t
Uber and the like, you need it, but we went into our account and took the credit cards off it for the duration of the trip even though we had changed the password
Store apps and the likes of Amazon consider adding payment when you purchase, not as saved info
I realize this is inconvenient, but a password manager is super efficient in a use case like this (did I mention having an impenetrable password manager password and enabling 2FA to open it?)
Five:
Always travel with multiple devices.
We were grateful that we had my iPad to access some of Jeff’s apps on a bigger screen than my phone and that we had multiple 2FA options on some of his apps that we could access on my iPad
Six:
We learned that Jeff can live without his phone.
It took a few days for him to be comfortably disengaged from it, but his business and life survived.
The business survived because he had a voicemail message directing folks to email him rather than leave voicemails and that he would be slow to respond.
He set this up before we left :-}
Bonus Lesson:
We experienced an interesting cultural one.
We didn’t report his phone stolen because one could get laughed out of a police station in Canada for doing this.
In Ireland, you are strongly encouraged to report thefts because they have rings of phone thieves, and they want to protect unwitting tourists from becoming robbed and jaded
We didn’t realize how seriously they took this problem in Dublin, where they have phone cameras everywhere to thwart the baddies
Of course, the camera on the street by the cafe where Jeff was relieved of his phone was broken …
There’s so much more to securing our devices. I am by no means an expert. Still, I enjoy imparting real-world, actionable security measures you can take. Especially if they are lessons I have learned and can impart so you don’t have to.
You are going to be out of the busy season soon enough, perhaps travelling for business (yay! conferences!) and pleasure, so now is the time to be proactive about protecting your devices.
Featured Template
~~~
Featured Template ~~~
15% off discount code: BLOG
Clients are more engaged and compliant if expectations of their responsibilities are clear, workflows are pre-set for them, Tax Agency best practices are established, and they understand the basics of bulletproof bookkeeping.
If you don't take the time to provide this information, clients are not confident in collaborating with you. They don't know how to communicate with you, or supply information, and they don't know due dates. They lack confidence in the tech and they are unsure how to reach out for support...
A Client Guidebook creates clarity and empowers your clients so that they feel confident about what's getting done and their role in the process. It also positions your firm as the expert in this field.
It can be a lot of work to put together a comprehensive Client Guidebook from scratch.
Luckily for you, we’ve already done all the leg work! Created by accounting professionals, these templates create the conditions for a harmonious and efficient relationship with your new client.
What You Get:
• Long version (has a glossary, cloud accounting explanation and sample client workflow) Guidebook template. Short version is more succinct. Supplied as in horizontal and vertical layouts, in PowerPoint (PPT) and Google Slides (GSlide) versions.
• Folder with instructions, app partner logos and app flowchart images.
Here is what the branded, short version for my bookkeeping business looks like.
And here is a (not very professional) video of the templates you will receive. The templates were revised in July 2024, since this video. But you get an idea of what you will receive :-}
Scaling New Heights - Boldly Go
Sunday, June 16, 2024 9:00 AM EST - Wednesday, June 19, 2024 5:00 PM EST
Steering your practice over the coming years requires courage, direction, intentionality, and a healthy measure of grit. In other words, to embrace the future, accountants and bookkeepers must ‘boldly go!'
I am hosting three sessions:
Making Your Workflow App Work For You: Choosing and implementing a practice management app
Do You Google - Part One: Chrome Identities, Themes & Customization
Do You Google - Part Two: Discovering the efficiency of Google apps
Simply yours, Kellie :-}
::Shameless Call To Action::
I sell bookkeeping templates, standard operating process handbooks and client guides.
15% off discount code: BLOG