Increasing Rates of Phone Thefts Worldwide Pose Significant Data Security Risks

• Mobile phone thefts continue to rise in major cities around the world, and high-net-worth and C-suite individuals are more attractive targets due to the valuable information they may have on their devices.  
• Mobile phones often contain sensitive personal and corporate data that thieves can misuse for unauthorized purchases, identify theft, phishing scams, and corporate data breaches.
• Proactive steps to protect devices include setting strong lock screen security, using password managers, enabling multi-factor authentication (MFA), encrypting sensitive data, and regularly backing up data to a secure cloud.

Mobile phones often contain large amounts of sensitive personal and corporate data, such as personally identifiable information (PII), photos, banking and financial data, contactless payment systems, personal and business email accounts, and social media accounts. In a best-case scenario, perpetrators might only use a stolen phone for its parts.

In a 'worst-case' scenario, thieves could access a phone's sensitive data, leading to several risks. They could mine enough personal data from emails, social media accounts, and cloud storage to impersonate the owner and carry out phishing scams against the victim’s contacts. With access to banking or e-commerce apps, cryptocurrency wallets, and payment information, thieves can make unauthorized purchases or transfers and open lines of credit. Unauthorized individuals can access work-related files, emails, or cloud storage repositories on personal devices, leading to corporate data breaches. Criminals can misuse, share, or sell personal photos, messages, and location data, compromising privacy and safety or using them for extortion purposes. Thieves could also post harmful content on social media and chat platforms.  

Many applications require multi-factor authentication (MFA) or authenticator apps to log in, which cannot be done once criminals steal the victim's phone. Additionally, perpetrators could hack Google or Apple ID accounts and bypass MFA on other apps altogether. 

High-net-worth and C-suite individuals make attractive targets due to the sensitive and valuable data their phones may hold, and there is no foolproof way to avoid becoming a victim of mobile phone theft. It is, therefore, imperative to put proper precautions in place while still possessing the device. These include:

• Set strong lock screen security using a strong PIN (more than six digits), complex password, biometric lock (fingerprint, facial recognition), or a combination thereof.
• Avoid auto-saving passwords or reusing the same password for multiple apps. Instead, use a password manager app with its own security to protect login credentials.
• Enable an additional layer of security, such as two-factor (2FA) /multifactor (MFA) or App Lock, for apps containing any sensitive personal or corporate data.
• Encrypt sensitive data to prevent unauthorized access to if the phone's storage is accessed.
• Regularly back up data to a secure cloud or another device so if a phone is stolen, lost data can be recovered and restored to a new device.
• Make a copy of details such as the device model, the International Mobile Equipment Identity (IMEI) number, and the SIM card's Integrated Circuit Card Identification (ICCID) number.

When a phone is stolen, thieves often seek to take the stolen device offline promptly. The sooner the following mitigation actions are taken, the less likely criminals will be to access information on the phone:  

• Report the theft to police.
• Change passwords for all email, banking/investments apps, social media accounts, e-commerce apps, and password manager apps.
• Cancel any credit cards linked to Apple or Google Pay.
• Enable services like Find My iPhone (iOS) or Find My Device (Android) to remotely lock the phone's data if the phone is lost or erase the phone's data if it is suspected the phone has been stolen.
• Notify mobile phone carriers, important contacts such as friends, family, employers, banks, credit card companies, and other relevant entities to monitor for suspicious activity.
• Conduct credit checks to monitor if somebody has applied for credit using stolen personal information.
• Block the stolen SIM and IMEI numbers and move the number over to a new SIM.  

Organizations that provide mobile phones to employees or have Bring Your Own Device (BYOD) policies should also implement Mobile Device Management (MDM) systems. MDM is software loaded onto a phone that provides tools for device configuration, remote monitoring, application control through whitelisting or blacklisting, and data security, ensuring compliance with company policies. Additionally, MDMs contain data encryption and segmentation, and remote wiping software which can be utilized if a phone is stolen or goes missing.

As the average selling price of mobile phones continues to rise along with other consumer prices, users are increasingly buying phones used instead of new, or replacing them at a slowing pace, which has in turn created a booming market for second-hand devices. These dynamics will almost certainly continue to drive the theft of devices in the coming months.