Kardashian Robbery Highlights Cell Phone Data Vulnerability
Getting robbed at gunpoint is a horrifying enough experience. But if you’re Kim Kardashian West, you can pretty easily replace your jewelry (since we can assume it was insured). More valuable than the reported $11.2 million in ice that was stolen by two masked thieves in Paris, though, was something that might be a bit harder to regain: Kardashian’s virtual universe.
“For her and a lot of celebs the phone is a gateway to their fans – they use it for Instagram, Facebook, tweeting and it’s actually the true communication device to the communities they reach,” said Michael Kaiser, executive director of the National Cyber Security Alliance. “Not only is it data-rich, but it’s functionality becomes part of everyday life and they have lots of important information on them, including a lot of data about you. In the case of celebrities, they have all their contacts on there – personal contacts, other celebrities’ information and numbers that truly should not be available to the public. There’s a high responsibility for stewardship of that information that’s been entrusted to you.”
Kardashian West’s two iPhones were reportedly stolen during the incident, and if she had proper security measures on them it’s likely the thieves won’t be able to get much information from the phones. Kaiser, whose organization recently teamed with the White House and dozens of other organizations to launch the Lock Down Your Login campaign as part of National Cyber Security Awareness Month, gave Billboard six tips for keeping your phone safe from cyberthieves.
- Layers and layers: “It always starts with the credentials you use to access your devices,” he said. “Step one is adding multiple layers of authentication to your accounts.” He suggested using a biometric log-in such as a fingerswipe (or, if available, a retina scan) in addition to having a very strong passcode and PIN to get into your phone.
- Location, Location, Location: Make sure you turn on your “Find my iPhone” app in case your phone is lost or stolen. Also, look into a remote wipe app that will allow you to delete all the data using your computer or another device, which the Find my iPhone web app can do.
- Stolen phones hard to fence: The good news, according to Kaiser, is that most phones companies now maintain a database of stolen phones so that when a report comes in of a stolen device that phone can’t be reused or turned back on again by a nefarious party. “That makes phones less valuable from a monetary perspective,” he said. “You can’t steal a $700 iPhone and turn it back on, which helps the everyday user, but not a celebrity whose phone is a target because of the data on it.”
- No WiFi is good WiFi: It might be hard for most people, but Kaiser said you should be very careful about using open WiFi networks with your phone. “There is a lot of vulnerability on those networks and you never know who else is on them and what they are doing on that network, or what they plan to do,” he said. “You need to understand that your cell phone connection to the internet is much more secure that a WiFi network.”
- Put it on the cloud: Your phone can be a storage device or a transit device, which means you can either keep everything on your device – where a crafty criminal can find a way to get into anything on it, even if it’s locked down – or you can move your photos and other critical information onto the cloud. “Just deleting something doesn’t mean it’s 100 percent deleted,” Kaiser said. “You still need to have really good credentials on those iCloud accounts, the same principals apply.” You can also program your phone to only hold your most recent emails, with the rest sitting wherever your primary account is, which should, of course, also have strong authentication. “Your email account is really critical, the crown jewel, and when you forget the password you can click to send an email reminder. But if your phone is compromised someone can reset your passwords across the internet with access to your email.”
- Double down: A number of sites and networks now offer (or demand) a secondary authentication code. Make use of that code and have the website or app send a text to your mobile device before allowing you to log in. “You can have that code sent to your regular phone as well and then go back into the account and put it in,” he said. “For the most significant protection, use a logon approval to get into your account for a device that has never been used before. That way it will ask you, ‘is it okay that this iPhone was trying to access your Facebook account?'” For even tighter security, Kaiser said there are hardware devices you can get that plug into or tap on the back of your phone that require both devices to unlock your mobile.
The bottom line, according to the NCSA is that 72 percent of Americans think their accounts are secure with just passwords and usernames, but every two seconds someone is the victim of identity fraud.