Methods and systems for addressing unreported theft or loss of mobile communications devices

We claim: 1. A method comprising: by a security component executing on a first mobile communications device, causing the storage of a usage pattern associated with an authorized user of the first mobile communications device, the stored usage pattern created based only on usage information from use of a second mobile communications device by the authorized user of the first mobile communications device, and the stored usage pattern modified, by a server, for use on the first mobile communications device based on differences between the first mobile communications device and the second mobile communications device; detecting, by the security component, a usage of the first mobile communications device; comparing, by the security component, the detected usage to the stored usage pattern to determine if there is a difference between the detected usage and the stored usage pattern; associating, by the security component, a measure with the stored usage pattern when there is a difference between the detected usage and the stored usage pattern; determining, by the security component, that the detected usage was not caused by the authorized user of the first mobile communications device when the associated measure is beyond a threshold measure; and in response to the determination, issuing a first command by the security component, the first command causing a restriction of an ability of the first mobile communications device to be used to access a resource. 2. The method of claim 1 , wherein the associated measure is a measure of a risk that the detected usage was not caused by the authorized user of the first mobile communications device. 3. The method of claim 1 , wherein the detected usage comprises a detected usage pattern and wherein the comparing includes comparing the detected usage pattern to the stored usage pattern. 4. The method of claim 1 , wherein a group includes a plurality of additional authorized users, each group member with a corresponding stored usage pattern, wherein the comparing further compares the detected usage to the stored usage pattern for each group member, wherein the associating further associates a measure with each additional authorized user's stored usage pattern, and wherein the determining further determines that the detected usage was not caused by an additional authorized user when each additional authorized user's associated measure is beyond the threshold measure, and wherein the resource includes a group resource. 5. The method of claim 4 , wherein the group includes at least one unauthorized user, the at least one unauthorized user not allowed to access the group resource. 6. The method of claim 5 , the method further comprising: based on the comparison, determining by the security component, that the detected usage was caused by an unauthorized user included in the group; in response to the determination, issuing a notification by the security component, to a designated group member, the notification informing the designated group member of the detected usage. 7. The method of claim 1 , wherein the detected usage: includes a use of the first mobile communications device by a user; is based on data from a sensor on the first mobile communications device; includes a location of the first mobile communications device; or includes a movement of the first mobile communications device. 8. The method of claim 1 , wherein the first command causes: a revoking of an access permission to a network resource; or a revoking of an access permission to a resource within the first mobile communications device. 9. The method of claim 1 , wherein the resource includes group data stored on the first mobile communications device, and wherein the first command causes the deleting of the stored group data. 10. The method of claim 1 further comprising: causing, by the security component in response to the determination that the detected usage was not caused by the authorized user of the first mobile communications device, the gathering of information by the first mobile communications device and the reporting of the gathered information to an administrator, the gathered information including information about one or more of: the use of the first mobile communications device; the location of the first mobile communications device; or the environment of the first mobile communications device. 11. The method of claim 1 , wherein the first command is performed automatically by the security component in response to the determination that the usage was not caused by the authorized user of the first mobile communications device, the method further comprising: providing, by the security component after issuing the first command, one or both of the authorized user of the first mobile communications device or a second user with an opportunity to rescind the restriction. 12. The method of claim 1 , wherein the first command is sent to at least one electronic device, the first mobile communications device being privileged to pair with the at least one electronic device, the first command causing a revocation of the privilege to pair with the at least one electronic device. 13. The method of claim 1 further comprising: allowing, by the security component in response to the determination that the detected usage was not caused by the authorized user of the first mobile communications device, a re-authentication of the authorized user of the first mobile communications device to rescind the restriction. 14. The method of claim 1 further comprising: sending a message, by the security component in response to the determination that the detected usage was not caused by the authorized user of the first mobile communications device, to an electronic device used by the authorized user of the first mobile communications device, the message relating to the determination that the detected behavior was not caused by the authorized user of the first mobile communications device. 15. The method of claim 14 , wherein the message includes first information, the method further comprising rescinding the restriction in response to the first information being entered into the first mobile communications device. 16. The method of claim 14 further comprising rescinding the restriction in response to the security component receiving a response to the message. 17. The method of claim 14 , wherein the message is sent before the issuing of the first command, and wherein the first command is issued when a response to the message is not received by the security component within a predetermined period. 18. The method of claim 1 , wherein the restriction is a suspending of a trust relationship between the first mobile communications device and a server. 19. The method of claim 1 further comprising: issuing a second command by the security component in response to the determination that the detected usage was not caused by the authorized user of the first mobile communications device, the second command causing: the migration of a functionality of the first mobile communications device to an electronic device; or a server to suspend delivery of a push notification to the first mobile communications device and causing the push notification to be directed to an electronic device. 20. A method comprising: by a security component on a first mobile communications device, causing the storage of a usage pattern associated with an authorized user of the first mobile communications device, the stored usage pattern created based only on