Hacked and Hijacked! How to Save Data if Your Portable Device Is Stolen

Symptom:

You reach into your pocket or bag, and, well, it's empty!

Diagnosis:

Beyond the understandable distress of losing a pricey smartphone, laptop or tablet PC, the real trauma is the sudden and unfettered access afforded to the slippery-fingered jerk who took it. The cost of a new laptop is meager compared to the personal and even financial havoc that a motivated thief can wreak with the data stored on a typical portable device.

While a laptop is obviously the holy grail of data, consider all the apps you've installed on a smartphone or tablet that auto-login at the poke of a finger: e-mail, Facebook, Twitter, texts, address book, photos, videos, et cetera. And don't forget the passwords and account numbers for bank accounts and credit cards -- not to mention any business-related data you may lose if it's a company device.

In real-world scenarios, if your device is password-protected, your data will almost certainly be fine, with the thief either wiping it clean or fencing it as-is. So, while you're out the cost of the device, the buck stops there, as it were. If you never did protect your gadget with a password, and if you haven't taken precautions via tracking or remote security software, you're in for a lot of administrative hassles at the very least. Expect a tedious rigamarole of notifying all of your account holders of the theft, and the process of changing passwords and login info for every site and service you frequent. At worst, a sophisticated thief can cause an all-encompassing world of hurt by digging deep into your digital treasure trove, leading to prospective identity theft, ruined credit and financial loss.

Cause:

Our pursuit of convenience can often collide with modern reality. In the not-too-distant past, the damage from a swiped cell phone or laptop had generally built-in limits, simply because our devices were still pretty dumb. Most of us had only begun taking digital photos and texting, and online banking and shopping were still novelties. It's only been in the last half decade or so that all of our personal info has become streamlined, centralized and instantly accessible. Now the stakes are higher. We use the Web for everything, and our devices conveniently remember our every action.

The problem, then, is that the vast majority of us haven't adequately adapted to the digital evolution. We continue to treat our current digital devices, which are now full of important personal data, as casually as we did a decade ago, and neglect to employ even the most basic security measures.

To be fair, we think that manufacturers are at least a little culpable as well. In the interest of maximal user friendliness, a good percentage of them have made security an afterthought instead of a priority -- and, when things go wrong, we're the ones left holding the bill.

Treatment:

In the wrong hands, any device, even one with hardcore passwords and security measures, is still completely hackable given enough time and energy. But that's a theoretical concern, and, unless you're far more important than we assume, you fortunately don't need to worry too much about those situations. In most cases, protecting your mobile device with a solid password will safeguard your data against a thief.

Laptops

1. Set up your laptop so that it requires a password for any user account. Then, set it to require a password when awoken from sleep/standby/hibernate, as well as after two or three minutes of inactivity. (If you don't know how, click here for Windows and here for OS X. But heading to Settings/Preferences is a good start.) Make it a good password -- at least six-characters long, mixing numbers and letters as well as capitals and lowercase. When in public settings, put your laptop to sleep every time you physically leave it (which you shouldn't do anyway), even if you think it'll only be for a few seconds. This setup creates the smallest possible window of opportunity for anyone to hop on your laptop and access anything, even if they've pilfered it.
2. For additional security, both Windows and OS X have built-in options for encrypting your specific user account files (FileVault for OS X), or both your user files and the entire operating system (BitLocker, for Windows 7 Ultimate and Enterprise); in fact, Windows can even be set up to require a specific flash drive that acts as a key to start the computer. If you deal with data of a highly valuable nature, both simple-to-use options make your hard drive virtually uncrackable. Click here for Windows instructions, and here for OS X.
3. A number of companies offer tracking software that allows you to locate your laptop from up to a couple dozen meters' distance by logging onto another computer, and, in some cases, take snapshots of anyone using it, display onscreen messages and even feign a malfunction. The most famous is Lojack for Laptops, which is pricey at $50 a year but offers "up to $1,000" back if they can't recover or delete the data on your laptop. We prefer Prey, though, which is free. (Read our breakdown here.) It works on as many as three devices, allows you to snap photos and screenshots (and transmit them), and locks down your hard drive. We also like that it can be activated after a theft via the Web or even SMS, and that it also works on smartphones.

Smartphone and Tablets

1. It will seem tedious as hell, but, theft or not, it's so easy to misplace a smartphone that it's madness not to make it password protected. And it's all the madder when you consider that virtually no apps require a password after they've been activated, and are basically wide-open portals to your data. Handy, yes -- but not at all secure. Use a strong password of random numbers, or, in the case of Android, a pattern that crisscrosses (otherwise thieves may be able to decipher the telltale smears on your screen). Be sure to notify your phone provider as soon as the phone goes missing to prevent charges from being run up, although you may want to hold off suspending the account until you've attempted to track the phone down.
2. Several smartphones and tablets offer free or cheap tracking apps that allow you to trace the location of your phone, lock it if isn't password protected, and send texts or audio tones even if the ringer is muted. They also allow you to wipe the device clean of all data if you're worried you'll never get it back. If you're able to contact whoever picked up your device and they don't seem ready to return it, hold off from letting them know that you can track it and perhaps negotiate a price for an exchange. Then notify the police and have them take care of it; as fun as it may be to confront your hostage-taker in person, you don't want to risk getting in legal trouble yourself.

Android

There isn't one solid tracking/wiping app that will work with every Android device, unlike with other operating systems. Verizon offers its own homebrew version called 'Mobile Recovery' (which also works with some WebOS and Windows phones) for customers who subscribe to its Total Equipment Coverage plan. It allows you to track and lock a phone, but apparently only lets you wipe contacts and not the entire phone. There's also the 'Where's My Droid' app (specific to Droids, obviously). In any case, we'd recommend going with 'Prey' (described above), which will work as well as or better than any of the Android options, but is deliciously free.

BlackBerry

Enterprise BlackBerrys can be remotely tracked and wiped easily by IT administrators, but consumer owners can also install apps like 'Roblack' ($10) that can track, lock or wipe your device. If you can wait a couple weeks, RIM is supposed to release the long-awaited 'BlackBerry Protect,' which will work similarly, although no price has been announced.

iOS

Apple's free 'Find My iPhone' and 'Find My iPad' apps can be used from another friend's iPhone or iPad to track yours, or can be accessed through the Web. It allows you to lock the device, send a contact message to whoever has it, play a loud tone even if the phone is muted, trace its location on a map, and wipe the device completely, if need be.

webOS

Palm (err, HP) owners are able to perform a remote wipe of their devices with their Palm Profile. (Click here for instructions.) Similar to Android devices, WebOS phones are stuck using either provider-specific apps, like Sprint's 'Family Locator,' or Verizon's 'Mobile Recovery' app. HTC owners can locate, backup and remotely wipe their devices via HTCsense.com.

Windows Phone

Windows Phone users can locate, back up and remotely wipe their devices (both the older 6.5 OS and newer 7) using Microsoft's new My Phone Windows Mobile service via the Web.

Related Posts

• What to Do if Your Identity Gets Stolen
• What's Next When Your Facebook/Twitter is Hacked
• What to Do if Your E-mail Account Gets Compromised
• What to Do if Your PC Gets Hacked

Tags: android, apps, bitlocker, blackberry, blackberry protect, BlackberryProtect, family locator, FamilyLocator, features, filevault, find my ipad, find my iphone, FindMyIpad, FindMyIphone, ios, ipad, laptop, lojack for laptops, LojackForLaptops, mac, mobile recovery, MobileRecovery, my phone windows mobile, MyPhoneWindowsMobile, notebook, pc, prey, RemoteWipe, roblack, security, smartphone, stolen, tablet, TheftProtection, TheftRecovery, thief, top, tracker, TrackLocation, webos, wheres my droid, WheresMyDroid