NATIONAL CYBERSECURITY AWARENESS, PART 4: Portable Devices - 10/29/09
A major concern with portable devices – personal digital assistants (PDA), cell phones, laptops, thumb drives – is that they are easy to transport for use outside the office. And that, says Scott Ksander, executive director for ITaP Networks and Security, increases the likelihood that they may be lost or stolen and puts the data they contain at risk.
Ksander advises portable device users, “Assume you are going to lose it, have it stolen or compromised, and plan accordingly.”
The two best pieces of advice Ksander offers are to back up the information that’s stored on the device and to encrypt/password-protect access to the data.
More than half of mobile professionals carry confidential company information on their laptop, and of those, 65 percent don’t protect the data, according to ITaP Networks and Security. The best practice is not to store sensitive/restricted data on a laptop.
Lost or stolen laptops are the most frequent cause of data breaches. People who travel with their laptop most often lose it at security checkpoints and departure gates. Many others are forgotten in restrooms, restaurants and lounges, and some are left behind on the transportation system. Ninety-seven percent of lost laptops are never recovered, according to ITaP Networks and Security.
For protection, Ksander suggests encrypting data on the laptop hard drive. Purchased encryption software is an option, but depending on the computer’s operating system, encryption software may already be installed. Backing up files to a separate location also is recommended and takes only a few minutes.
To safeguard against computer loss or theft while traveling, Ksander offers these “rules of the road”:
-- Never leave laptop unattended.
-- Never pack laptop in checked luggage.
-- Record identifying information and mark equipment (place the laptop on a copier and “copy” the information, then put the copy in a safe place).
-- Consider “phone home” protection software.
-- Downplay the laptop (carry it in a case); don’t leave it in the hotel room; if it is left in the car, hide it, and never leave it out in the open.
Be careful about conducting business when using a public wireless access point. If the public network connection is unsecured and unencrypted, there’s a chance another user on the network can monitor other users’ activities. When using public wireless access, consider avoiding:
-- online banking.
-- online shopping.
-- sending email.
-- typing passwords or credit card numbers.
Make online security a habit by:
-- connecting securely and, when not using the Internet, disabling the computer’s access to it.
-- tunneling safely and using a VPN (virtual private network) connection. Disconnect when work is completed.
-- surfing encrypted.
-- using strong passwords.
Thumb drives, too, must be kept safe. Simple encryption software, such as PKZIP and TrueCrypt, is available to secure data stored on a thumb drive. Other options for thumb drives include the IronKey secure thumb drive and fingerprint biometrics.
Approximately 2.6 billion cell phones will be in use by the end of this year, according to a study by the U.S. Geological Survey. Of those, about 20 percent are smartphones – cell phones equipped with Web access, messaging capabilities and the ability to access the user’s computer data.
ITaP Networks and Security reminds smartphone users that there are risks associated with smartphones and recommends taking these precautions to ensure the devices’ security:
-- Treat the device like it is a laptop.
-- Lock or password-protect it.
-- Disable Bluetooth when not in use. Use a PIN greater than eight digits, put the device in non-discoverable mode and update to the newest software to patch any vulnerabilities.
-- Report a lost or stolen device immediately to prevent expensive calls from being charged to the phone’s account.
-- When upgrading or replacing a cell phone, perform a factory reset on the device to erase all private information.
More information about personal digital assistants – or mobile computing devices – is available on the SecurePurdue Web site. The site provides a link to mobile device security best practices as well.
In addition, the site contains information about the activities planned this month in connection with the National Cybersecurity Awareness campaign. As this year’s campaign winds down, ITaP will host a presentation by John McCumber, strategic programs manager in the Public Sector Group of Symantec Corp., and Scott Ksander. The discussion will focus on threats to computer security in an industry setting and in the university setting. The event is planned for 9-11 a.m. Friday, Oct. 30 in Fowler Hall in Stewart Center. A security-themed Halloween costume contest will follow.