250 likes | 461 Views
Cyber Security on the go. How to protect your laptop, smartphone & other mobile devices. Overview. Mobile devices Risks Best Practices Laptops Smartphones Portable Storage Devices Data Protection Location-Sharing Technologies. Mobile Devices. Laptops Smartphones
E N D
Cyber Security on the go How to protect your laptop, smartphone & other mobile devices TCU Information Security Services
Overview • Mobile devices • Risks • Best Practices • Laptops • Smartphones • Portable Storage Devices • Data Protection • Location-Sharing Technologies TCU Information Security Services
Mobile Devices • Laptops • Smartphones • Portable storage devices • USB memory sticks • Thumb/flash drives • Removable hard drives • PDA’s TCU Information Security Services
Risks • Mobile devices are easy to lose or steal • Can carry large amount of data • Often unprotected • Data may be “sniffed” during unprotected wireless communications • Results • Broken device • Infections from viruses, spyware, malware • Privacy and personal security concerns TCU Information Security Services
Best Practices – Good Habits • Keep it in sight, within reach, on your person. • Avoid clicking links or calling numbers contained in unsolicited emails or text messages. • Know what you are downloading. • Never store sensitive or confidential information on a mobile device. TCU Information Security Services
Best Practices – Configure Device Securely • Enable auto-lock • Enable password protection • Keep all system/application patches up-to-date • Install anti-virus if available and keep it up-to-date • Enable Remote Wipe (if available) TCU Information Security Services
Best Practices – Wireless Safety • Rule of thumb – do not trust wireless to be secure! • Disable features not in use such as Bluetooth, infrared or Wi-fi • Set Bluetooth devices to non-discoverable to make them invisible to unauthenticated devices • Avoid joining unknown Wi-fi networks • Disable any “autoconnect” feature • When using public wireless hotspots only type in or view information that is not sensitive unless you create a TCU VPN session first. TCU Information Security Services
TCU VPN • VPN – Virtual Private Network • Advanced security technologies • TCU VPN is available to TCU Faculty and Staff • Go to www.tr.tcu.edu/remoteconnection.htm for instructions TCU Information Security Services
Laptops • According to a 2008 report of the Ponemon Institute, “Business travelers lose more than 12,000 laptops per week in U.S. airports.” http://www.dell.com/downloads/global/services/dell_lost_laptop_study.pdf TCU Information Security Services
Laptop Video from FTC • http://www.youtube.com/watch?v=PeyKVC92AfM TCU Information Security Services
Laptop - physical security • Never leave unsecured laptop unattended • Lock your doors • Lock it in a cabinet • Use a locking security cable • Room/office • Hotel room • Public locations • Conferences, training sessions • Cost $15-$50, combination or key lock TCU Information Security Services
Traveling with a Laptop • Don’t let it out of your sight when you travel • Be particularly watchful at airport security checkpoints • Always take it in your carry-on luggage • Never put it in checked luggage • Use a nondescript carrying case • Be careful when you take a nap in the airport • Don’t leave it in view in your vehicle • Don’t trust the trunk - remember the quick release lever inside the vehicle? TCU Information Security Services
Smartphones • Smartphones like the iPhone, Treo or Blackberry are really small networked computers. • Run programs and can store thousands of documents in memory. • If stolen, an unsecured Smartphone grants access to your private information: email correspondence, address books, and any unsecured documents. • Losing a Smartphone could be as big a security problem as losing a laptop. TCU Information Security Services
Smartphones continued • Never leave a Smartphone unattended • Enable auto-lock • Enable password protection • Do not use your TCU password • Keep the phone OS and apps up-to-date • Enable remote wipe • You can wipe out the data on a lost iPhone or Smartphone with Windows Mobile if the phone uses ActiveSync to synch email. TCU Information Security Services
Remote Wipe • Using Remote Wipe from Outlook Web Access • Go to Options (upper right), select Mobile Devices • Warning – this will wipe out everything on the phone TCU Information Security Services
Portable Storage Devices • USB memory sticks, thumb/flash drives, removable hard drives • No confidential data! • Too easy to lose; easy target of theft • “Erase” files so they aren’t recoverable • File Shredder • CCleaner • Configure a username and password • Encrypt files • Microsoft Office file encryption • TrueCrypt, Ironkey • Beware “free” flash drives. They can contain viruses and malware TCU Information Security Services
Data Protection • The best way to protect sensitive personal information (SPI) is to never store it on a mobile device. • SPI is defined as an individual's name, address, or telephone number combined with any of the following: • Social security number or taxpayer ID number • Credit or debit card number • Financial/salary data • Driver's license number • Date of birth • Medical or health information protected under HIPAA • Student related data protected under FERPA • See the TCU Sensitive Personal Information (SPI) Policy https://security.tcu.edu/SecuringSPI.htm TCU Information Security Services
Data Protection Continued • Store your important files on your M: drive and use VPN with Remote Desktop (Windows) or Screensharing (Mac) to access it (see http://www.tr.tcu.edu/RDP_VPN.htm for instructions on setting up VPN). • While it is against TCU Policy to store SPI on a mobile device, if you must store your own personal information, encrypt it. • Use Microsoft Office file encryption, or • PGP’s Whole Disk Encryption • Only transmit SPI when required for TCU business and then only in an encrypted manner such as through a TCU VPN session. TCU Information Security Services
Location-Sharing Technologies • Location-aware applications deliver online content to users based on their physical location. • Technologies employ GPS, cell phone infrastructure or wireless access points to identify where cell phones or laptops are located and users can share that information with location-aware applications. TCU Information Security Services
How are Location-Sharing Technologies used? • Apps might provide you with information on nearby restaurants, notify you of traffic jams, or let your friends in a social network know where you are, prompting increased social connectivity. • Additionally there are highly targeted marketing opportunities for retailers. TCU Information Security Services
Risks of Location-Sharing Technologies • Makes users “human homing beacons” • Increased chances of being stalked • May reveal when you are home or not TCU Information Security Services
Examples of Location-Sharing Technologies • Facebook places • The program for mobile phones allows users to "share where you are with your friends, see where your friends are and discover new places around you," said Mark Zuckerberg, Facebook's CEO at a press conference. • GPS Geotagging Smartphone photos • Blip – Blackberry application updates location every 15 minutes. • Latitude – Google app allows you to see where your friends are and what they are up to. TCU Information Security Services
Location-Sharing Technologies Security • Most apps offer privacy controls • But privacy controls are not always easy to access • Defaults may be too open • Know what applications you have and research privacy controls TCU Information Security Services
Recap • Good Habits – common sense • Configure devices securely • Understand what you are protecting • Be aware of new technologies TCU Information Security Services
Resources • TCU Computer Help Desk • 817-257-6855 • Help@tcu.edu • http://Help.tcu.edu • Location: Mary Couts Burnett Library, first floor • Information Security Services • https://Security.tcu.edu • Security@tcu.edu TCU Information Security Services