Learn what to do if your digital devices are taken.
- Assess the situation
- Identify content and documents on the missing device
- Identify contacts and linked accounts
- Deal with a returned device
Brenda returns to her office, only to find her laptop missing. She worries that her laptop contains information that could put her sources at risk.
She needs to know what was on the device before it went missing and what security protections were in place. Brenda worries that if she doesn't have a clear view of the damage done, she will not be able to start recovering.
How did you lose your device? Was it stolen by another person, taken by a state authority, or did you simply lose track of it? If it was taken by an adversary, you need to develop an appropriate response.
Were there any strong security protections in place, such as full disk encryption or password protections? This will help you to learn if files on your computer containing sensitive information are secure or not.
Think about your content and contacts
Make an inventory of what information was on your seized device. Examples may include files, location data, credit card data and more. This will help you learn about what may have been exposed or stolen.
If you had some of your information encrypted, think about where your encryption keys are and what content you encrypted. This will help you know more about who potentially could read the content of your files and documents.
Did you use encryption tools for email or chat (such as PGP and OTR)? This will help you learn if the content of your communications is secure or not.
Do your accounts have saved passwords or automatically log in when you turn your device on? Are your passwords saved in your web browser instead of a password manager like KeePassX? If so, be sure to change your passwords immediately and refer to the Passwords lesson.
What files and other sensitive information were on your device?
Make an inventory of who was mentioned in the documents on your missing device. Was your address book encrypted? This will help you learn what contacts or networks may be at risk.
What accounts does your device have access to? Examples include email, social media, and messaging services that the device can access. Was your device used for secondary authentication? This will help you determine which accounts you need to change account settings for.
Remove accounts that were linked to your device
When your device has access to accounts (email, social media or web accounts), remove the authorization for this device for all accounts. This can be done by going to your accounts online and changing the account permissions.
Turn on 2-factor authentication for all accounts that were accessible by this device. Please note that not all accounts support 2-factor authentication.
If you have a tool installed on your lost device that allows you to erase the data and the history of your device, use it.
Change your passwords
Ask yourself the following 4 questions and assess the risk that your device has been compromised:
How long was the device out of your sight? If you have lost contact with your device for a long time and you feel there is a chance that something has been installed on it, consider the following:
Reinstall the OS from scratch, recover all documents from the last backup, and scan all your documents and files with antivirus software. For more guidance on this, see the malware section.
Depending on your level of risk and how your device was taken, you may not want to use it again. If possible, move all of the data off of your phone or tablet and purchase a new one.
If you cannot change devices but suspect it might be compromised, do not use your phone or tablet for sensitive communication or opening sensitive files. Do not take it to sensitive meetings or have it with you when discussing sensitive topics.
Who potentially could have had access to your device? This will help you know whether it was simply lost or if it was taken by an adversary, and the appropriate response to take.
Why would they want access to it? This will help you know whether the information on your device and your networks might be at risk.
Are there signs that the device has been physically tampered with? This will help you know whether malware might have been installed on the device and whether or not you should use it again.
Beware of malware!