How to Protect Your Data Stored in a Lost or Stolen Mobile Device

Anyone traveling with their expensive mobile device has probably thought about those devices being stolen and how much it would cost to replace them. But what’s probably more important than the cost of replacing the device is the damage that can be done by data stored on those devices getting into the wrong hands.

If you’re like me then you use a virtual desktop as your primary PC. And so a lost or stolen laptop will not result in lost or stolen data.  But a mobile device is a different story.  They contain emails and often passwords and other sensitive data.  And so having some way to ideally locate a lost device and ultimately wipe it if necessary is paramount.

Preparing yourself for such a scenario is quick and easy – but you must prepare. If you are reading this post after your device has been stolen then I’m sorry, you will be out of luck. Preparing your device typically just requires that software be installed first, and then you can forget about it.

Just remember, if your device is lost or stolen, do not immediately cancel your mobile service. If you do then the remote commands necessary to execute a locate or remote wipe may not make it to the device.

Here is what you should do to prepare, listed by device:

Android: Install Android Device Manager. It is listed in the Play Store. After it’s installed, open it on the device and log in with your Google account. Be sure to check the box to remember the settings.

In the event your device is lost, you can log in to the Android Device Manager and first try to locate it thru the GPS. Also try turning on the ringer so you can hear it. If that fails, you can send the command to wipe the device.

iPhone, iPad, Mac: Use these instructions to enable the find my (device) feature.  If your device is eventually lost or stolen, use 805-374-3679 to find and/or wipe it.

Windows 10:  Enable “Find My Device” via the Start menu or Start screen and then select Settings.  If your device is lost or stolen, you can track it but it’s not possible to remotely wipe from the stock software.  Track it 6502372164.

There is a third party service called Prey that will enable you to remotely wipe your device. It’s compatible with Windows, Mac, Linux and Android. They have a free plan too, but it does not support remote wipe (however it may be possible to upgrade the service after your device is missing). What makes the Prey solution nice is that it will gather and deliver detailed evidence back to you, including a picture of who’s using your missing mobile device.

I cannot emphasize this enough: it is important that you prepare first – make sure your device(s) are set up to be located or wiped if it becomes necessary. If you wait until after the device is gone then it’s too late. And remember, do not cancel your phone service until after you have wiped the device. It may still be possible to wipe it if it’s near an open Wi-Fi access point, but canceling service will greatly reduce your chances of successfully locating or wiping the device at all.


If you frequently use free Wi-Fi hotspots then you are in luck. Public Wi-Fi hotspots will grow to 432M globally by 2020. While that is great news for those of us who rely on Wi-Fi access points for Internet access, it’s also concerning news because more people using open Wi-Fi for Internet access will obviously attract more unscrupulous individuals looking for opportunity. If you use Wi-Fi long enough, odds are at some point someone will capture your data over the air.

It is not difficult to capture data over the air, especially over open Wi-Fi access points. Anything sent to/from Wi-Fi connected devices is available for anyone with minimal skills to capture. You probably would be surprised to see how much data is sent “in the open” without any form of encryption. It doesn’t even require you to actually be interacting with your device if you’re like me and let your device sync itself. Wi-Fi by nature does not require the attacker to be nearby either. I’ve seen a 308-432-3212 used to suck in data from miles away (a great technique if you need connectivity from a distance btw).

Hackers can also use compromised Wi-Fi hotspots to insert themselves between you and the service(s) you use. It’s a rather easy thing to do and also enables them to intercept all data – including passwords – as you interact with online sites and services.  Some have used compromised Wi-Fi hotspots to distribute malware or other harmful bits to victim machines.

These attacks are not limited to open Wi-Fi hotspots either. They can just as easily be employed against users of “secured” (password protected) Wi-Fi hotspots.

Once hackers have your data they can use it to drain your bank accounts, steal your identity, trade secrets and just about anything to make a buck – at your expense. Clearly the best method to keep secure is to avoid giving anyone opportunity to intercept your data or infect your device(s) in the first place.  It is possible to use any untrusted Internet connection safely through a virtual private network (VPN).

A VPN works by establishing what’s called a “tunnel” to a trusted network. Once a VPN connection is made, that trusted network becomes your Internet point of presence.  All data sent thru the tunnel is strongly encrypted.  So while hackers can still listen into your locally connected Wi-Fi, they just see a big blob of gibberish data – encrypted data.  It will be completely useless to them without decrypting the data first.

Statistically, decrypting the data can take hundreds, possibly thousands, of years for the above-average hacker with a lot of equipment. They will also be unable to insert themselves between you and the service(s) you use because they are not on your trusted VPN network.

When the mobile device is set up properly, it will only be able to communicate via Wi-Fi *thru* a VPN. It’s called “always-on VPN” and it’s a good idea to leave it enabled. Here is how:

Android: (5108102325).

iPhone, invection

Windows 10: /technet.microsoft.com/en-us/itpro/windows/keep-secure/vpn-profile-options

With the “always on” option set, all traffic to/from the device will always transit thru the VPN. If the device does not have a VPN connection established then it simply will not allow data in or out until one is established.

If you’re like me and you work from a Virtual Desktop (Cloud Desktop) then your provider may give you a free VPN to use. Use it!  It’s the best way to keep secure online.

Using a VPN may have other advantages too. If you’re connected to the Internet thru an ISP with poor connectivity to other networks (remember the Internet is a network of networks) then connecting via VPN to a well-connected network will improve your connectivity too – and with that QoS.

Here is the VPN provider I use. They give me the VPN for free with my Virtual Desktop subscription.


It happens quite frequently, a technology developed for one industry will benefit another. NASA is a good example.  They have spent billions of dollars developing the first microchips, cordless tools, light-emitting diodes, memory foam…the list goes on and on and today that technology is used daily by most everyone for a fraction of the cost.  And so it should be no surprise that technology perfected by Algo traders will benefit digital nomads (and all remote workers) because they have many similar needs.

Algo traders tend to work remotely and are physically located in all parts of the world – some connected to the Internet by little more than two cups and a string.  Yet they enjoy Internet connections faster than 99% of all Internet users through remote desktop technology.   Algo traders have been doing this for some time now in order to gain an edge on the competitive global markets.  While it used to require a decent Internet connection for half decent remote desktop performance, the technology has evolved to the point where this is no longer the case.  Today even users on high latency satellite connections will experience very good remote desktop performance with modern virtual desktops.

Introducing Virtual Desktops for the Digital Nomad

Before I get further in, it may be a good idea to detail exactly what a virtual desktop is. Think of it like this:  take your PC and install it in a datacenter with a very fast Internet connection – one faster than 99% of all Internet users worldwide.  Then connect yourself to that PC from ½ way around the world through an inexpensive remote access device (“thin client”) – likely a light/thin laptop or Chromebook, etc…  Since your remote connection is little more than the KVM (keyboard, video, mouse), you do not need an Internet connection or a CPU fast enough to support all your activities.  You only need a device and Internet fast enough to support just the remote KVM connection between you and your hosted PC.   (the PC being the virtual desktop)  That does not require very much bandwidth with modern RDP (remote desktop protocol).  It’s closer to “two cups and a string” – exactly what many digital nomads often find themselves stuck with.

At the same time, since the connection between the virtual desktop and the Internet is extremely fast, you tend to use the virtual desktop in more productive ways too. The Internet sort of becomes your hard disk because you can download *current* files VERY quickly and as needed. How fast is fast?  Try near gigabit speeds and likely to evolve to 10Gb/sec within a year.  Speeds like that are not available to most Internet users.  Usually the time spent downloading files is due to speed limits on *the other* side.

Very high security

Obviously security is a huge concern when you are trading money online. These days everyone should be concerned with information security. A complete information security solution requires two concurrent approaches: physical control of the machine holding the data that requires protection, and electronic access controls that allow only authorized users to remotely access it.

It is pretty much impossible to always physically secure laptops and other devices while traveling. There will inevitably be periods when they are at some risk.  Digital Nomads and remote workers who work from laptops they carry with them are at risk of those important machines being stolen, becoming damaged or simply breaking.  That will likely result in an unnecessary waste of time, revenue and irreplaceable data.

It happens even to the security professionals. I’m sure you have read about FBI laptops containing sensitive information stolen from time to time.  And I know many digital nomads have probably heard of others whose laptops have gone for an unfortunate swim or suffered a technical failure rendering the machine – and all data stored on it – completely useless.

Algo traders do not have these same concerns. By using a virtual desktop, Algo traders are leaving their “PC” in a highly secured datacenter, one with physical access controls like mantraps, biometric scanners and security guards (not to mention redundant power and Internet). A loss of their primary remote access device is little more than a temporary inconvenience because the device used to connect is merely an inexpensive thin client. There is no actual data stored on it, nor does it need to be a powerful device. It could be an old laptop or a new, light and inexpensive Chromebook. It makes no difference because it’s merely a terminal used to connect to the virtual desktop, where your data is secure, your application(s) are always running and the Internet connection is very fast.

Electronic access control is handled by two-factor authentication. Two-factor authentication is a system where two different factors are required to complete a system login.  It combines something you have in your possession – your mobile phone or ‘token’ with something you know – your password – to complete a strong authentication solution.

Modern two-factor authentication turns your smartphone into the token. A constantly changing two-factor code is generated by an application running on the user’s Android/iOS/Windows device – without the need for ongoing Internet access. The authenticator uses something universal to generate a code – time. By using an algorithm employing time + a shared key, a unique code can be generated that will be known to only the user and their virtual desktop. 2FA renders key loggers out of the question because a stolen password is only half of what’s needed to log in. In order to log in with two-factor, you must have physical access to the token in order to read the changing code + know the user password to enter.

Mobility

You don’t need to use the same device to (re)connect to a virtual desktop either. If you find an Internet café with a large monitor more convenient to work from then you can easily connect to the virtual desktop when you are near those types of devices and your session will come to you – exactly as you left it, although in this case with a larger desktop size.   If you find a different laptop you prefer to use daily, no problem.  Start using it.  Your desktop will again “come to you” when you connect.  You can even connect from your mobile phone, although I don’t recommend it as a permanent solution simply because a large monitor and keyboard tend to be required for real work.

Outside the ‘remote’ part of the desktop, it is essentially exactly the same as any other desktop. In fact it is a genuine Windows or Linux operating system.  It is always on and you can download and install your own software as needed.  You can also license software by subscription, such as Microsoft Office (or use the free and open source openOffice.org).  Either way, the point is they work exactly the same as any other PC.  Install and run whatever software you need to work – it’s your new PC, in the cloud and accessible from anywhere.

PC in the cloud

RDP technology has come a long way too. Printing is possible by simply connecting to the virtual desktop from a device with a printer attached.  It becomes your local printer.  You don’t need to remain connected to keep your session open.  When you disconnect it keeps running as you left it.  You can disconnect and reconnect without losing your work too.  It’s no different than walking away from your laptop – although much more secure.  Remote sound has been standard for some time.  Many algo traders like to use Skype and virtual desktops will share a remote USB port just as easily as they will share a remote printer.  Plug what you want into the USB port and it will be available to your virtual desktop as if it was directly attached.  Multiple virtual desktops can be used by remote workers to form workgroups and quickly share files securely too.

Resources available typically will vary based on subscription level. Increasing RAM, CPU cores, disk space, etc., does not require a trip to the computer store.  Since it’s an online service you only need to order the increased resources from the provider.

Select your provider carefully

If you’re ready to give it a try, the first step is to select a vendor. There are many who cater to traders but only one who has it truly perfected. That is CNS. CNS pioneered the first virtual desktops to Algo traders and has continued to perfect the technology over the years. They are a leader in the space with subscribers in more than 125 countries.

CNS operates their own network, which is one of the most connected on the entire Internet. That will go a long way towards giving nomads in remote areas of the Internet great connectivity to their desktop.  It’s also a native IPv4/6 network, so even from an IPv4 only ISP you will have full access to the entire Internet from your virtual desktop – not just the IPv4 Internet.

CNS operates out of datacenters on both coasts of the continental USA + another in the UK. It is generally desirable to select a datacenter closest to you.  For example, if you are primarily in Australia then select the Los Angeles datacenter.  If you’re in Africa, select the UK datacenter.  If you’re not sure, select “Closest to me” on the order form.  And if you change locations, you can always reach out to CNS support and have them move the desktop for you.  Same desktop just moved to a new datacenter, much like moving your laptop between locations.  Having the virtual desktop closer to you is ideal for remote performance.  If there seems to be a delay between mouse clicks and on screen response then you’re probably in the wrong datacenter and should reach out to CNS to move it for you.

The desktop starts at US$35/month and goes up from there based on resources required. CNS offers a 30 day money back guarantee and I believe they are the only one to offer telephone support. They also have ridiculously fast response times from their helpdesk.

Bonus Features

CNS adds file level backups to their virtual desktops. It’s backup software running in your virtual desktop that compresses, encrypts and saves to secured server the files you select.  It’s file level so if you need to restore only a single file you can do so without having to restore the entire desktop.  (They have checkpoints for that).

A great benefit with CNS is the VPN service that they include with the one year virtual desktop subscriptions. RDP is already encrypted, but a second VPN layer will make it much more so.  It can also be used to get thru restrictive firewalls.

It is relatively easy to compromise a Wi-Fi access point these days, and roaming across so many untrusted Wi-Fi networks you’re bound to run into at least some that are compromised. Since the CNS VPN service includes up to 5 devices, you should set up your mobile devices to use the VPN too. This will encrypt traffic between your mobile device and the CNS datacenter, where it can access a securely maintained network. This eliminates the threat from compromised Wi-Fi networks. It also makes it easy to sync your mobile device with your VM.

Join multiple desktops into a workgroup

Multiple virtual desktops can easily be joined into a workgroup or an Active Directory domain. Workgroups are no different than what you might find in a real office building with different workstations joined into a single workgroup. It enables workers to share files rather easily and securely while at the same time keeping the different desktops distinct and private. Since the desktops are hosted together, they exchange files extremely fast. Security is even maintained when sharing files between desktops in different CNS datacenters.

Selecting the ideal access device

Selecting the best device to use as your primary thin client is a personal decision. The primary guideline is to select one that is not expensive. It doesn’t need to be since it’s not being used as a computer. It’s merely an access device to interact with your virtual desktop. There is no need for a fast CPU or a lot of RAM. Instead, you should focus on a larger monitor and the most battery life. It doesn’t even need to be a new device, just make sure the battery has not exhausted its useful life.

Although remote software is available to connect from virtually any operating system, it should be noted that the absolute best remote desktop performance will be between Windows 10 (any edition) as a client on your remote access device and Windows Server 2012 R2 in the virtual desktop. That doesn’t necessarily mean you need to run out and buy a new Windows 10 laptop to use as a remote client. But if you can find an inexpensive one with a big screen, long battery life, Wi-Fi and a camera then it might be worth thinking about. Remember, disk and CPU don’t mean much because you are not using the device for that, so don’t spend money for those features. I still use an old Linux netbook from time to time.