Cyber Security on the go How to protect your laptop, smartphone & other mobile devices TCU Information Security Services
Overview Mobile devices Risks Best Practices Data Protection Laptops Smartphones Portable Storage Devices Data Protection Location-Sharing Technologies TCU Information Security Services
Mobile Devices Laptops Smartphones Portable storage devices PDA’s USB memory sticks Thumb/flash drives Removable hard drives PDA’s TCU Information Security Services
Risks Mobile devices are easy to lose or steal Can carry large amount of data Often unprotected Data may be “sniffed” during unprotected wireless communications Results Broken device Infections from viruses, spyware, malware Privacy and personal security concerns TCU Information Security Services
Best Practices – Good Habits Keep it in sight, within reach, on your person. Avoid clicking links or calling numbers contained in unsolicited emails or text messages. Know what you are downloading. Never store sensitive or confidential information on a mobile device. TCU Information Security Services
Best Practices – Configure Device Securely Enable auto-lock Enable password protection Keep all system/application patches up-to-date Install anti-virus if available and keep it up-to-date Enable Remote Wipe (if available) TCU Information Security Services
Best Practices – Wireless Safety Rule of thumb – do not trust wireless to be secure! Disable features not in use such as Bluetooth, infrared or Wi-fi Set Bluetooth devices to non-discoverable to make them invisible to unauthenticated devices Avoid joining unknown Wi-fi networks Disable any “autoconnect” feature When using public wireless hotspots only type in or view information that is not sensitive unless you create a TCU VPN session first. TCU Information Security Services
TCU VPN VPN – Virtual Private Network Advanced security technologies TCU VPN is available to TCU Faculty and Staff Go to www.tr.tcu.edu/remoteconnection.htm for instructions TCU Information Security Services
Laptops According to a 2008 report of the Ponemon Institute, “Business travelers lose more than 12,000 laptops per week in U.S. airports.” http://www.dell.com/downloads/global/services/dell_lost_laptop_study.pdf TCU Information Security Services
Laptop Video from FTC http://www.youtube.com/watch?v=PeyKVC92AfM TCU Information Security Services
Laptop - physical security Never leave unsecured laptop unattended Lock your doors Lock it in a cabinet Use a locking security cable Room/office Hotel room Public locations Conferences, training sessions Cost $15-$50, combination or key lock TCU Information Security Services
Traveling with a Laptop Don’t let it out of your sight when you travel Be particularly watchful at airport security checkpoints Always take it in your carry-on luggage Never put it in checked luggage Use a nondescript carrying case Be careful when you take a nap in the airport Don’t leave it in view in your vehicle Don’t trust the trunk - remember the quick release lever inside the vehicle? TCU Information Security Services
Smartphones Smartphones like the iPhone, Treo or Blackberry are really small networked computers. Run programs and can store thousands of documents in memory. If stolen, an unsecured Smartphone grants access to your private information: email correspondence, address books, and any unsecured documents. Losing a Smartphone could be as big a security problem as losing a laptop. TCU Information Security Services
Smartphones continued Never leave a Smartphone unattended Enable auto-lock Enable password protection Do not use your TCU password Keep the phone OS and apps up-to-date Enable remote wipe You can wipe out the data on a lost iPhone or Smartphone with Windows Mobile if the phone uses ActiveSync to synch email. TCU Information Security Services
Remote Wipe Using Remote Wipe from Outlook Web Access Go to Options (upper right), select Mobile Devices Warning – this will wipe out everything on the phone TCU Information Security Services
Portable Storage Devices USB memory sticks, thumb/flash drives, removable hard drives No confidential data! Too easy to lose; easy target of theft “Erase” files so they aren’t recoverable File Shredder CCleaner Configure a username and password Encrypt files Microsoft Office file encryption TrueCrypt, Ironkey Beware “free” flash drives. They can contain viruses and malware TCU Information Security Services
Data Protection The best way to protect sensitive personal information (SPI) is to never store it on a mobile device. SPI is defined as an individual's name, address, or telephone number combined with any of the following: Social security number or taxpayer ID number Credit or debit card number Financial/salary data Driver's license number Date of birth Medical or health information protected under HIPAA Student related data protected under FERPA See the TCU Sensitive Personal Information (SPI) Policy https://security.tcu.edu/SecuringSPI.htm TCU Information Security Services
Data Protection Continued Store your important files on your M: drive and use VPN with Remote Desktop (Windows) or Screensharing (Mac) to access it (see http://www.tr.tcu.edu/RDP_VPN.htm for instructions on setting up VPN). While it is against TCU Policy to store SPI on a mobile device, if you must store your own personal information, encrypt it. Use Microsoft Office file encryption, or PGP’s Whole Disk Encryption Only transmit SPI when required for TCU business and then only in an encrypted manner such as through a TCU VPN session. TCU Information Security Services
Location-Sharing Technologies Location-aware applications deliver online content to users based on their physical location. Technologies employ GPS, cell phone infrastructure or wireless access points to identify where cell phones or laptops are located and users can share that information with location- aware applications. TCU Information Security Services
How are Location-Sharing Technologies used? Apps might provide you with information on nearby restaurants, notify you of traffic jams, or let your friends in a social network know where you are, prompting increased social connectivity. Additionally there are highly targeted marketing opportunities for retailers. TCU Information Security Services
Risks of Location-Sharing Technologies Makes users “human homing beacons” Increased chances of being stalked May reveal when you are home or not TCU Information Security Services
Examples of Location-Sharing Technologies Facebook places The program for mobile phones allows users to "share where you are with your friends, see where your friends are and discover new places around you," said Mark Zuckerberg, Facebook's CEO at a press conference. GPS Geotagging Smartphone photos Blip – Blackberry application updates location every 15 minutes. Latitude – Google app allows you to see where your friends are and what they are up to. TCU Information Security Services
Location-Sharing Technologies Security Most apps offer privacy controls But privacy controls are not always easy to access Defaults may be too open Know what applications you have and research privacy controls TCU Information Security Services
Recap Good Habits – common sense Configure devices securely Understand what you are protecting Be aware of new technologies TCU Information Security Services
Resources TCU Computer Help Desk Information Security Services 817-257-6855 Help@tcu.edu http://Help.tcu.edu Location: Mary Couts Burnett Library, first floor Information Security Services https://Security.tcu.edu Security@tcu.edu TCU Information Security Services