CIRCL has just released the Digital First Aid Kit, developed in collaboration with EFF, Global Voices, Hivos & the Digital Defenders Partnership, Front Line Defenders, Internews, Freedom House, Access, Qurium, CIRCL, IWPR, Open Technology Fund and individual security experts working in the field of digital security and rapid response.
The First Aid Kit aims to provide guidelines for first responders, preliminary support and self-diagnostic tools for people facing the most common types of digital threats. It covers 6 main areas of concern: Devices seized, stolen or lost; DDoS Mitigation; Account Hijacking; Malware; Secure Communication and a Glossary.
CIRCL has recently received a high number of requests for information regarding lost and stolen devices. “In case of the loss, theft or seizure by a third party of your device, it is important to directly ask yourself a number of questions: what happened and when did it occur? what security protections were installed on my device: password, operating system? what data and accounts could be vulnerable? It would be essential to make an inventory of sensitive information and password protected accounts. This would then allow you understand which necessary steps need to be taken in order to prevent possible leaking and misuse of your information, contacts and accounts”, explains Alexandre Dulaunoy, from CIRCL.
Steps to take when a device is lost, seized or stolen
A number of steps have been defined in order to mitigate this problem. In case the device has not been returned, it is recommended to do the following:
- Step 1: When your device has access to accounts (email, social media or web account), remove the authorization for this device for all accounts. This can be done by going to your accounts online and changing the account permissions.
- Step 2: Change the passwords for all accounts that are accessible by this device.
- Step 3: Turn on 2-factor authentication for all accounts that were accessible by this device. Please note that not all accounts support 2-factor authentication ref: See 2-factor notes from the ‘Account Hijacking’ section.
- Step 4: If you have a tool installed on your lost devices that allows you to erase the data and the history of your device, use it.
What to do when a device is returned
In case the device is returned and because it is not known who accessed it, the owner needs to treat the device as untrusted or compromised. In case it shows signs that something has been installed, it is important to reinstall software from scratch or even migrate all the data to a new device. The First Aid kit describes a number of steps to take in case the device is returned after a certain period of time:http://www.circl.lu/pub/dfak/DevicesSeized/
Prevent in order mitigate any risks
Prevention is still the key action to carry out in order to mitigate the risk whenever a device is seized, lost or stolen. Simple actions are recommended to protect the data , such as encryption, passwords, pin code locks for cell phone backups, tools that allow remote data wipes, installation of alert software in the case of theft.
Want to know more about the Digital First Aid Kit
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.