2 December 2022
Be prepared – your phone could be stolen this December and January!
This winter season, many of us will be travelling long distances, going to new places, and visiting loved ones at home. Whether that’s using an airport or train station, or by bus or car, you and your phone are going to be especially vulnerable to theft.
Compared to even five years ago, we access significantly more personal and organisational data on our personal mobile devices which, if stolen, could lead to serious consequences for your privacy and a data breach for the School.
What can you do to protect your data BEFORE going home for the School closure period?
1. Set up remote device wipe
If you have a School-issued iPhone, DTS can remotely wipe it; but Android devices from LSE, and any type of personally owned mobile devices, cannot be erased remotely by DTS.
If you have a personally owned iPhone:
- Go to Settings > Apple ID > Find My and make sure Find my iPhone is On
- Go to https://www.icloud.com and login with your Apple ID you used to login to your iPhone
- Select the iPhone icon and you’ll be prompted to sign in again
- If your phone is stolen or lost, select devices and select the device to remotely wipe
If you have a Samsung device:
- Go to Settings > Samsung account > Find my mobile and make sure the options are switched On
- Go to https://findmymobile.samsung.com and sign in with your Samsung account you used to login to your Samsung device
- If your phone is stolen or lost, select the device under My devices to remotely erase data
If you have a Google device:
- Go to Settings > Security > Find My Device and make sure the option is switched On.
- Go to https://www.google.com/android/find and sign in with the Google account you used to login to your Google phone
- If your phone is stolen or lost, select the device and select Erase device to remotely wipe the phone.
Please note: you cannot set up remote erase after you’ve lost your device.
2. Set up biometric access control on your device. A fingerprint or iris scan and facial recognition are good examples. It is more secure than a PIN code or pattern password.
3. If you have MFA for personal non-LSE accounts, ensure you have saved the backup/recovery codes someplace safe. Store them in a password management tool or write them in a journal in a safe location. A plain text document is not a safe option.
4. Back up your data. Save LSE data on OneDrive/SharePoint/Teams. Personal data like pictures or WhatsApp messages can be backed up to the cloud – a personal OneDrive or iCloud account for example.
If your device is stolen, it is important to act quickly and complete the following steps:
1. Remotely wipe the device using the steps outlined in the set-up process. Data stored only locally will be lost.
2. Change your LSE password
Go to your Microsoft account settings and change your password here. This is important so any LSE-provided Office 365 apps on your phone – Outlook (email), Word, Excel, OneDrive, Teams, etc. – will log out if you were unable to erase the phone.
3. Contact tech.support@lse.ac.uk
Include your name, two forms of photo ID, the LSE ID number of the device if it was an LSE-issued iPhone, and your personal non-LSE email address.
Say if you remotely erased your phone and/or if you reset your LSE password; if you do not, Tech Support will reset your password by default.
Tech Support will need to reset your MFA before you can access your LSE account again.
4. Remove SMS/text messages from your LSE MFA methods. After you regain access to your LSE account, it is best practice to set up the Microsoft Authenticator App as your primary method on your new replacement phone, and a personal email address instead of your phone number as a secondary method. You can always find and edit your MFA methods under Security info in your Microsoft account at LSE here.