This week marks the National Cyber Security Alliance’s Data Privacy Week, while Saturday, the 1st of February, marks Change Your Password Day.  As part of our smartphone safety campaign, we’ve partnered with ethical hacker Nikhil Rane to arm you with the information you need to protect your devices and personal data from sophisticated theft tactics in the new world of ‘physical data theft,’ where the data with the device, rather than the device itself, is a more lucrative prize for criminals.

I’m unsure how much attention we paid to these events before setting up Nuke From Orbit. But now, we’re hyper-aware of them. And with smartphone thefts doubling in the UK to 78,000 between March 2023 and March 2024, it’s never been a better time for us to do our bit and draw your attention to them.

Nuke From Orbit’s CEO James O’Sullivan sat down with Nikhil to discuss, amongst other things, the financial risks consumers face from smartphone theft and the single most important security measure people should implement today. Check out their conversation here:

Don’t like videos? Don’t worry; we’ve pulled out some of the key discussion points below.

What financial risks do consumers face from smartphone thefts?

The risks are only limited by an individual’s wealth. and sometimes, even that isn’t the cap. With access to your cards, criminals can spend up to your daily limit in seconds. With access to your bank accounts, they can transfer money to mule accounts, draining you of all your funds. But it doesn’t stop there.

Criminals could open up new accounts in your name and take out loans and overdrafts, increasing the amount of debt that you have beyond your current level of exposure.

The risks extend to your friends and family. Criminals can use your device to pose credibly as you and then ask them to send money to an account that you don’t control. If you have crypto assets, the losses can be substantial, and there is no hope of recovery.

What’s the most critical smartphone safety measure people should implement today?

The most critical security measure people can take today is to have a strong enough PIN to enter their phone.

The PIN is often the forgotten piece of security on phones because most people will use a biometric to access the device 99 times out of 100. The rarity of accessing it via a PIN means people aren’t as well prepared or don’t take enough care the one time they do have to enter their PIN. This PIN is actually as valuable to a criminal as my face and a lot easier to get hold of.

With a strong PIN, consumers should treat it as the most valuable information they have. If they have to enter it in public, make sure they shield it like they would their bank card PIN when they insert it at an ATM or a chip-and-PIN terminal.

Shoulder surfing is one of the most common cyber threats consumers face on the move or in crowded places, so avoid putting any PIN into your smartphone in public if you can avoid it.

Once you have a strong PIN for your phone, you should use a different PIN to access any apps within the phone, not reusing any part of the PIN that is used to gain access to the device.

What should smartphone users be doing to protect themselves and their data if they want to access their bank accounts?

The key point to consider is that you should access your bank accounts and cards in moderation when using your smartphone. While it’s nice to think that you can access everything you might ever need on your phone, that might not be the most pragmatic approach.

For the accounts and cards you do have access to on your device, try to moderate the amounts you keep in them or on them and ensure that you access them using the strongest authentication method the service allows.

Nikhil’s top smartphone safety:

• Use strong and lengthy passwords (between 8 and 12 digits) on your accounts
• Enable MFA/2FA (multi-factor/two-factor authentication)
• Enable biometric protection
• Avoid unsecured Wi-Fi, which can expose you to a man-in-the-middle attack

What are the red flags that your phone might be compromised?

Some of the most innovative companies we partner with can detect baseline user behaviour on smartphones. So, when an authorised user navigates their phone in certain apps, the company can build a picture of how that person uses either the phone or the app. This triggers alerts in our application, which say that someone is using the phone differently.

When that behaviour diverges significantly enough from the baseline profile, the app can take specific actions, such as asking for additional verification or limiting certain functions, because the activity is so different from the expected behaviour or what’s been seen in the past.

Obviously, even with the best preparation, there is still the possibility that I will lose my phone and that the attacker will gain access. To ensure that you are as protected as possible, Nuke From Orbit provides an additional layer of security and enables you to invalidate all of those assets should your smartphone fall into the wrong hands.

My phone’s been stolen. What should I do right now?

The most important thing to do if your phone is stolen is to get in contact with your card issuers as soon as possible to cancel those cards. Once you’ve let the banks know that your cards have been stolen, that should trigger additional protections on your bank account, meaning your financial information is secured.

The next thing you need to tackle is your other data. Think about the accounts you use the most (social media, email, etc.), change your passwords, revoke 2FA authorisation for the stolen device, and start again with a new device.

Obviously, this is not a quick process, which is why Nuke From Orbit will be available later this year.

Your phone is the most important thing you own, not because it’s expensive, but because it is the gateway to so much of your life. It reflects who you are and what’s important to you, and that’s worth protecting.

With 2025 just beginning, Nuke From Orbit urges the public to take action now and adopt new smartphone safety habits to avoid becoming another statistic in the growing epidemic of smartphone theft.

About our smartphone safety experts:

James O’Sullivan, CEO & Founder, Nuke From Orbit

James is a technology entrepreneur who wrote his first computer program in the late 80s when he was eight. He founded Kobas, the complete hospitality management platform, in 2009, and his route into the fintech industry is novel. Had he not had thousands of pounds stolen when his phone was taken, Nuke From Orbit wouldn’t exist today.

Nikhil Rane, Ethical Hacker, Penetration Tester, Bug Bounty Hunter 

As a passionate Freelance Penetration Tester, Nikhil focuses on unearthing vulnerabilities across various platforms. He safeguards the digital realm with his ethical hacking skills. His Master of Science in Cyber Security from the University of Bradford has been instrumental in honing these skills, setting a robust foundation for his practice.