How to Bulletproof Against a Stolen Smartphone

I’d just come off stage in San Diego and was headed to NYC for another speech when my cell rang. When I answered, the person on the other end of the line was in total OUT-OF-CONTROL panic mode. It was the client I was headed to see in NYC, who, from now on, I will refer to as Barney Fife.

“John, you gotta help me. I’m in NYC already, getting ready for the conference and I lost my phone sometime in the last hour. I don’t know if I left it at the airport, in the cab or someplace in between. You’ve gotta help me out because… it gets worse.”

“HOW does it get worse, Barney Fife?” I asked.

“Well, I keep my banking passwords in my contacts app, so anyone who has the phone has my passwords and my contacts. There’s more. I use my personal email to transfer files between my work computer and my laptop. Yesterday, I emailed myself an Excel file of all of the speakers we’ve hired for this conference. It has all of their W-9 tax information.” And then he got to the real point: “It has YOUR W-9 information, your social security number!”

So now I’m getting kind of motivated to help out. “Barney, I’ve got one question for you… Did you Bullet Proof Your Smartphone like I taught you?” “I’m not sure,” he said. And so I asked him three questions that I want you to ask yourself:

Question 1. Do you have a passcode on your phone? If not, nothing else matters, because all of that data on that phone is up for grabs by anyone who has the phone. “Yes, I have a passcode!” he answered.

Question 2. Do you sync your smartphone on a regular basis with your computer so that you have a backup of all of the data in case the phone is gone forever? “Every day,” he said.

And Question 3. Did you enable remote tracking on your phone? “What’s remote tracking?” he asked. Oh, we were so close!

So, your phone is essentially a tracking device. The same GPS technology that mapping programs use lets you see where your phone is anytime it’s turned on. If you turn on remote tracking, which both iPhones and Androids automatically come with, you can get on another computer and see exactly where your phone is on a map. If you left it in the hotel room, you know it. If it’s driving away from you at 70 miles an hour, you can appropriately freak out. OR, you could hit the button that remotely wipes all of the data off of your smartphone. You can remotely wipe your contacts, your email, your Excel files with my SSN in them! And if you have a synced backup copy, you can restore it all to a new phone and pick up where you left off. Granted, you have to buy a new phone, but that is a small cost compared to the value of the private data on your device.

So it turns out that Barney Fife had actually turned on his remote tracking but had never used it. When I explained how he could remotely track it from his computer, he found the smartphone… in his jacket pocket.

Your One Minute Mission? Turn on smartphone tracking and wiping right now! If you have an iPhone, I want you to Google the words Find My iPhone and click on the page that explains how to set it up. For Androids, Google Find My Android and go to the page that explains the entire process. Then, test it out and see where your phone is. If it disappears, log in from another computer and lock it, wipe it or go find it.

Stop Credit Card Thieves in the Act

Setting Up Account Alerts Can Help Protect You From Fraud.

Did you realize that you can have your credit card company and bank notify you anytime there is activity on your account? This tool makes it very easy to catch fraud before it stings your wallet.

John Sileo is an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

How Do I Stop Obamacare Identity Theft? [Burning Questions Ep. 3]

Today marks the start of the Affordable Care Act (aka Obamacare). As with any new, massive, government-sponsored program, scammers and identity thieves will try to take advantage of the public’s confusion and unfamiliarity with the new Health Exchanges (which we’re calling Obamacare Identity Theft).


Can Medical Identity Theft Really Kill You? [Burning Questions Ep. 2]

There has been a great deal in the news about medical identity theft leading to death. Is it possible? Yes. Is it likely? Less likely than dying of a heart attack because you eat too much bacon. But let’s explore the possibility of death by medical identity theft (below, in this article), and why the threat gets sensationalized (in the video).


Gladys Kravitz is Sniffing FREE WiFi Hotspots for Your Secrets

Is Gladys watching your Free WiFi Hotspot?

The free WiFi hotspot ritual is habitual. You head to your favorite café to get some work done “away from the office”. Justifying your $4 cup of 50 cent coffee with a Starbucks-approved rationalization (“I work so much more efficiently at my 3rd spot!”), you flip open your laptop, link to the free WiFi and get down to business. The caffeine primes your creativity, the bustling noise provides a canvas backdrop for your artful work and the hyper-convenient Internet access makes it easy for someone else (think organized criminal) to intercept everything you send through the air.

At the table next to you, drinking a free glass of water (these guys are too smart to pay that price for a cuppa joe), sits a hacker running a piece of software that sniffs the data you send over the free (unprotected) WiFi. They watch your private data like Gladys Kravitz stalking the very bewitching and often nose-wriggling Samantha. When you log in to your webmail account, they record your username (usually your email address) and password. Since you use the same password for many different websites, they run an automated computer program that attempts to log into every bank in the world using that username and password. When it fails, the program automatically increments your email password in every way possible until it eventually cracks your banking code.

By the time you head for a latte refill, you can no longer afford it. (This is one effective way to break the Starbucks habit). Most of us have been well trained to unthinkingly connect to the FREE WiFi hotspot at cafés, airports and hotels. Wireless technology is both useful and powerful, but operating it without protection is like skydiving with a parachute that you never deploy (it’s a fun ride while it lasts…). If you connect to any WiFi hotspot without first having to log in with a unique username and password, there is nothing that masks your data as it travels through the air. (Watch the 9News Investigation Video with Jeremy Jojola for a sample).

How to use a free WiFi hotspot without crash landing

Like our previously mentioned skydiver, you want not only to put on your parachute before you jump, but to pull the cord before you taste dirt. Here are some simple steps you can take, along with a “How To” video, before you jump on your next free WiFi hotspot:

  1. HTTPS Surfing. If you absolutely must use the free WiFi hotspot, only exchange information over websites with encrypted connections. What’s an encrypted connection and how can you tell? Watch this short video to learn how to tell if you are on a safe, https internet connection. If you are, all of the data that goes between your device and the website, across the WiFi hotspot and the Internet, is scrambled and protected by an encryption key (the encryption part) that makes it much harder to intercept. Banks (see video), Gmail and even Facebook (see video) offer HTTPS connections. Sometimes all you have to do on a website is to change your security defaults! If your connection is regular old http (no “s” at the end), just know that your data can be free for all to see (if they have the right tools).
  2. Tethering. Also known as a personal WiFi hotspot, tethering is the act of using your smartphone’s encrypted cellular connection to the Internet to surf securely from your mobile device. Tethering works for laptops, tablets and iPods and is relatively simple and inexpensive to use. To tether your computing device to your smartphone, simply contact your mobile provider (Verizon, AT&T, Sprint, T-Mobile, etc.) and let them know that you want to be able to connect your computing device to your smartphone (you want to tether). They will let you know that it costs about $15 per month (well worth the protection), will turn it on and will walk you through setting up both your smartphone and device so that they communicate with the Internet in a well-protected manner. Note: Many tablets, like the iPad, now come with cellular data access built into the device. So, for example, if you have an iPad with Wireless + Cellular capability, you can almost always connect via your cellular connection (just like your phone connects) and never even have to utilize free WiFi (though it’s still safe to use the secure WiFi in your home and office). You can do the same thing by accessing the Internet via your smartphone that is NOT connected to WiFi. Cellular surfing can be a bit slower, but it is considerably more private.
  3. VPN Software. Using a VPN (or virtual private network software) is a safer way to surf on free WiFi. Think of it like this: it takes the same protections you get when using an https connection and applies them to all of the URLs you visit. VPNs are standard gear for business users, but individuals need them just as much as corporations. One of the more popular VPNs for consumer use is Hotspot Shield VPN (this is not an educated endorsement of the product, just an example). The good part about a VPN is that it protects your data transmissions over the internet at all times, not just when using free WiFi.

Better yet, utilize all three solutions and find yourself 100% safer than the Frappuccino lover over at the next table. Mobile computing will increase your productivity, your connectivity and your flexibility. But to do it without a bit of security preparation is to court digital suicide.

John Sileo not only uses free WiFi hotspots (wisely), he is an internationally recognized keynote speaker on how to keep your employees from making poor data security decisions regarding identity, privacy and reputation protection. His happy clients included the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Tyler Tobin, the CEO and Chief Hacker for Tobin & Associates LLC, is a world-renowned Professional White Hat Hacker. His firm specializes in performing compliance, GLBA and full-blown security assessments. His customer base is both regional and global. Assessments include social engineering, external and internal vulnerability and penetration testing and compliance examinations (SEC, SOX, SSAE and GLBA).