What losing my Smartphone taught me about Incident Response and Business Continuity

Introduction: The Unplanned Incident

Yes, I lost my smartphone. Now that the dust is settling, I wanted to write about my experience because I believe I've learned some valuable lessons that can be easily applied to any business facing a serious incident. I'm sharing this to highlight the importance of something I often preach (but, as it turns out, still need to fully implement in my own life): being prepared for when an incident strikes.

The Moment of Panic

It was Friday afternoon, and I was coming home on the train after a productive meeting at work. Yet I had a nagging feeling that something was amiss, though I couldn't quite put my finger on what it was.

Saturday morning: "Where is my phone?" After a frantic search in my bag and in the usual places where I leave it when I get home… nothing. My smartphone, my digital lifeline, was gone. The immediate wave of panic was intense – a familiar feeling for anyone who has experienced that sudden, unsettling emptiness in their pocket, or had to respond to a significant incident.

Phase 1: My Personal Incident Response

Of course, the first thing I did was to confirm that the phone was no longer with me. Now that I think of it, this is the first step for any Incident Response team: confirming that the event they are seeing is, indeed, an incident.

My immediate actions, my personal "Incident Response" playbook, kicked in:

  • Confirm the incident: I attempted to locate it using its dedicated app. Unsurprisingly, the phone was unavailable (either the battery was dead or it had been turned off by someone else).

  • Contain the threat: Assuming the worst-case scenario, I enabled the "lost phone" feature, which remotely disabled virtual cards and locked the device. This swift action was crucial in minimizing potential data compromise.

The incident was contained. But what should I do next?

My safety line: the old iPhone that still worked.

Phase 2: Striving for Business Continuity (or lack thereof)

While the immediate threat was contained, the next challenge was "Business Continuity." In a business context, this means maintaining essential functions during and after a disruption. For me, it meant: how do I keep my life running without my primary device (for a little while, that is)?

My usual "business" (my daily life) relies heavily on that smartphone. Communication, banking, navigation, even just checking the time – it's all there. Without it, I had to scramble for workarounds:

  • Communication: I relied on an ancient spare phone to receive calls and texts, which would also be crucial for the next steps.

  • Payments/Banking: This was a significant hurdle. My virtual cards were disabled, forcing me to rely on physical cards, but without access to online payments and transfers.

  • Navigation: I found myself asking for directions more often and relying on my memory, a stark reminder of how dependent I'd become.

This phase highlighted a critical gap: I didn't have a pre-defined "Business Impact Analysis" (BIA) for my personal life. I hadn't identified my most essential services and how to keep them running if my smartphone were lost. This led to:

  • Panic mode: Scrambling to understand and act on priorities in the heat of the moment (hint: never a good idea…)

  • Lack of alternatives: Realizing I didn't have a robust way to keep any critical services running if my smartphone were lost.

Phase 3: The Disaster Recovery Journey

In many cases, an incident is so impactful that a full "Disaster Recovery" procedure is invoked. This is about restoring full functionality after a significant loss. For me, this meant getting a new phone and restoring my digital life.

My Disaster Recovery plan (or what I pieced together on the fly) involved:

  • Blocking the existing SIM: Easy, but I wished I had the phone number to call readily at hand before…

  • Getting a new one: This also went relatively smoothly, thanks to my telco provider, even though they had to open late, as the "guy with the keys" showed up 20 minutes after opening hours (what were the chances, I wonder…)

  • Getting an old phone up and running again: Yes, I kept an old phone (and, boy, now am I glad I did)

  • Restoring from backup: This is where I hit a significant snag. "Restore… to what?" I had an old phone, but it seemed unfortunately incompatible with the backup (planned obsolescence, anyone?). Luckily, it would still accept the new SIM, so at least the “old” communication system was now back up and running, which was crucial for starting the restoration of some critical services (SMS is still used, despite its weaknesses, but that was a godsend for me).

So, the only obvious solution was to buy another one, but that also proved difficult, as I usually use the virtual cards stored on my phone. Luckily, thanks to the prompt response of my telco provider, having a workable phone number saved the day. I was able to rebuild access to my banking apps through that number, with the help of my bank’s customer service. This was my personal "recovery" phase, slowly bringing my digital life back to full operation.

Post-Mortem and Lessons Learned

After any significant incident, an incident response team should conduct a post-mortem – a formal review of what happened to identify lessons learned and improve processes for the next time. And, when it comes to lost phones, there will likely be a next time… So, what were my lessons? Here they are:

  • Create an actual 'lost phone' playbook: This would help the incident response team (me!) with what needs to happen in order and avoid the panic that sets in.

  • Having a ready-to-use list of contacts, including emails, phone numbers, and websites for essential services, would significantly aid recovery.

  • Perform a personal BIA: Identify the services that should be kept running continuously. In my case, I realized it was anything related to money, so bank apps (both personal and business) were top priority.

Building Resilience: My Post-Mortem Actions

While I am still mulling over whether I should create an actual playbook (it might be too geeky even for me!), this is what I did do:

  • While I was restoring my services, I kept a list of actions that I needed to carry out, along with the contact information for the services I had to call, in case I needed to refer to them again (some would say that is the beginning of a playbook).

  • I have installed and validated all the money-related apps on a backup device (my trusty iPad), which should make it easier to keep these services running the next time.

Wrapping up

This unexpected incident taught me that even in our personal lives, the principles of incident response, business continuity, and disaster recovery are not just corporate jargon; they are essential for everyday life. They are practical frameworks for navigating the inevitable disruptions of our increasingly digital world.

What's your incident response plan for a lost device? How would you maintain your 'business continuity' if your digital lifeline suddenly vanished? Proactive planning is key to resilience, both personally and professionally.
