People think nothing of switching out their cell phones and even mobile numbers. These days, getting a number from anywhere in the U.S. is as easy as making the request to your mobile provider or choosing the number from a VoIP interface.
That ease of use is thanks to advanced digital infrastructure and the rise in the use of mobile phones. In fact, many employees use their mobile number as the main form of contact for company communications.
For companies that have multiple mobile numbers connected to devices issued to employees, eliminating a number might be necessary to cut costs. But this can also bring the risk of account breach if that number hasn’t had its digital footprints properly scrubbed.
If a phone number that you drop is still connected to any of your company’s accounts, it could mean the new owner could use it to do a password reset or be receiving sensitive company messages via SMS.
Mobile Number Recycling Study by Princeton University
There was a study done recently by Princeton University on the risk of leaving old mobile numbers connected to accounts. Researchers looked at 259 phone numbers that were available to new subscribers at T-Mobile and Verizon.
They found that 171 of those numbers were still tied to existing accounts at popular websites, like PayPal, Yahoo, and Amazon.
Criminals can easily look up available numbers online, just like those university researchers did, to see what potential accounts they could hack by obtaining one.
Some of the dangers of not disconnecting mobile numbers from accounts before you drop them are:
- PII Indexing
- Account hijackings via account recovery SMS
- Account hijackings without need for a password reset
- Phishing of colleagues & customers from your old mobile number
- Targeted account takeover
- And more
What You Should Do to Clean Up a Cell Number Before You Drop It
When a company is removing a mobile number from its billing, it can take a little longer to clean up that number’s digital footprints than a personal mobile number because more than one employee may have used it.
Be sure to speak with employees or former employees, if possible, to find any accounts that may have that number saved in the contact.
Change the Number on All Accounts Using MFA
Go through all accounts that could potentially be using that number for multi-factor authentication and change the account phone number.
With that recycled number still attached to an MFA prompt, a hacker would have everything they need to log into an account that you thought was properly protected.
Be sure to test the MFA prompt after you change the number to make sure it’s going to the new cell number.
Change the Number for All Cloud Applications
Look through all cloud application accounts for employees that had been issued that mobile number and change it.
Cloud apps will often do password resets via SMS to the user’s mobile number, which could make it easy for a criminal that obtains your old number to breach a company cloud account.
Change the Number for All Online Shopping Sites
Visit any online shopping sites that the mobile number may have been used for. These sites will text order receipts, shipping notices, and other sensitive information.
Look for any office supply-related sites or other sites that your employees may have purchased business items from.
Change the Number for Offline Service Providers (HVAC Company, etc.)
It’s easy to overlook offline providers that may have a company mobile number as a contact, such as an IT provider, HVAC service, or even a restaurant that delivers lunch from time to time.
Review any potential local service providers you use regularly and call them to ensure they have an updated contact number for your company.
Review Text Message History for Other Accounts to Change
Review the phone’s text message history for messages from any accounts that you may have missed and change the number for those accounts.
Text Groups & Individuals in the Text History from the New Number & Ask Them to Delete the Old One
Employees often communicate with customers, vendors, and colleagues via SMS, which means your sensitive communications could end up going to a stranger.
Go through the text history and look for any group or individual texts. Save those numbers and text them from the number you’d like them to use instead.
In the message, you can simply explain that the old mobile number is no longer being used by your company and the person should update your contact and delete any old SMS threads for that number so they don’t text it accidentally.
Get Help Securing Your Company’s Mobile Devices
Mobile device use for business continues to increase. Make sure your security policies can handle it. Connect2Geek can help your Treasure Valley area business put great mobile device security solutions in place.
Schedule your free consultation to learn more today! Call 208-468-4323 or reach out online.