View
224
Download
4
Category
Tags:
Preview:
Citation preview
How to protect your laptop, smartphone & other mobile devices
CYBER SECURITY ON THE GO
TCU Information Security Services
OverviewMobile devicesRisksBest Practices
LaptopsSmartphonesPortable Storage Devices
Data ProtectionLocation-Sharing Technologies
TCU Information Security Services
TCU Information Security Services
Mobile DevicesLaptopsSmartphonesPortable storage devices
USB memory sticksThumb/flash drivesRemovable hard drives
PDA’s
TCU Information Security Services
RisksMobile devices are easy to lose or stealCan carry large amount of dataOften unprotectedData may be “sniffed” during unprotected
wireless communicationsResults
Broken deviceInfections from viruses, spyware, malwarePrivacy and personal security concerns
TCU Information Security Services
Best Practices – Good HabitsKeep it in sight, within reach, on your
person.Avoid clicking links or calling numbers
contained in unsolicited emails or text messages.
Know what you are downloading. Never store sensitive or confidential
information on a mobile device.
TCU Information Security Services
Best Practices – Configure Device Securely
Enable auto-lockEnable password protectionKeep all system/application patches up-to-
dateInstall anti-virus if available and keep it
up-to-dateEnable Remote Wipe (if available)
TCU Information Security Services
Best Practices – Wireless SafetyRule of thumb – do not trust wireless to be
secure!Disable features not in use such as Bluetooth,
infrared or Wi-fiSet Bluetooth devices to non-discoverable to
make them invisible to unauthenticated devicesAvoid joining unknown Wi-fi networks
Disable any “autoconnect” featureWhen using public wireless hotspots only
type in or view information that is not sensitive unless you create a TCU VPN session first.
TCU Information Security Services
TCU VPNVPN – Virtual Private NetworkAdvanced security technologiesTCU VPN is available to TCU Faculty and
StaffGo to
www.tr.tcu.edu/remoteconnection.htm for instructions
TCU Information Security Services
LaptopsAccording to a 2008 report of the
Ponemon Institute, “Business travelers lose more than 12,000 laptops per week in U.S. airports.” http://www.dell.com/downloads/global/services/dell_lost_laptop_study.pdf
TCU Information Security Services
Laptop Video from FTChttp://www.youtube.com/watch?
v=PeyKVC92AfM
TCU Information Security Services
Laptop - physical securityNever leave unsecured laptop unattendedLock your doorsLock it in a cabinetUse a locking security cable
Room/officeHotel roomPublic locationsConferences, training sessionsCost $15-$50, combination or key lock
TCU Information Security Services
Traveling with a LaptopDon’t let it out of your sight when you travelBe particularly watchful at airport security
checkpointsAlways take it in your carry-on luggage
Never put it in checked luggageUse a nondescript carrying caseBe careful when you take a nap in the airportDon’t leave it in view in your vehicle
Don’t trust the trunk - remember the quick release lever inside the vehicle?
TCU Information Security Services
SmartphonesSmartphones like the iPhone, Treo or
Blackberry are really small networked computers.
Run programs and can store thousands of documents in memory.
If stolen, an unsecured Smartphone grants access to your private information: email correspondence, address books, and any unsecured documents.
Losing a Smartphone could be as big a security problem as losing a laptop.
TCU Information Security Services
Smartphones continuedNever leave a Smartphone unattendedEnable auto-lockEnable password protection
Do not use your TCU passwordKeep the phone OS and apps up-to-dateEnable remote wipe
You can wipe out the data on a lost iPhone or Smartphone with Windows Mobile if the phone uses ActiveSync to synch email.
Remote WipeUsing Remote Wipe from Outlook Web
AccessGo to Options (upper right), select Mobile
DevicesWarning – this will wipe out everything on
the phone
TCU Information Security Services
TCU Information Security Services
Portable Storage DevicesUSB memory sticks, thumb/flash drives,
removable hard drivesNo confidential data!
Too easy to lose; easy target of theft“Erase” files so they aren’t recoverable
File Shredder CCleaner
Configure a username and passwordEncrypt files
Microsoft Office file encryption TrueCrypt, Ironkey
Beware “free” flash drives. They can contain viruses and malware
TCU Information Security Services
Data ProtectionThe best way to protect sensitive personal
information (SPI) is to never store it on a mobile device.
SPI is defined as an individual's name, address, or telephone number combined with any of the following:
Social security number or taxpayer ID number Credit or debit card number Financial/salary data Driver's license number Date of birth Medical or health information protected under HIPAA Student related data protected under FERPA
See the TCU Sensitive Personal Information (SPI) Policy https://security.tcu.edu/SecuringSPI.htm
TCU Information Security Services
Data Protection ContinuedStore your important files on your M: drive
and use VPN with Remote Desktop (Windows) or Screensharing (Mac) to access it (see http://www.tr.tcu.edu/RDP_VPN.htm for instructions on setting up VPN).
While it is against TCU Policy to store SPI on a mobile device, if you must store your own personal information, encrypt it.Use Microsoft Office file encryption, orPGP’s Whole Disk Encryption
Only transmit SPI when required for TCU business and then only in an encrypted manner such as through a TCU VPN session.
TCU Information Security Services
Location-Sharing TechnologiesLocation-aware
applications deliver online content to users based on their physical location.
Technologies employ GPS, cell phone infrastructure or wireless access points to identify where cell phones or laptops are located and users can share that information with location-aware applications.
TCU Information Security Services
How are Location-Sharing Technologies used?
Apps might provide you with information on nearby restaurants, notify you of traffic jams, or let your friends in a social network know where you are, prompting increased social connectivity.
Additionally there are highly targeted marketing opportunities for retailers.
TCU Information Security Services
Risks of Location-Sharing TechnologiesMakes users “human homing beacons”Increased chances of being stalkedMay reveal when you are home or not
TCU Information Security Services
Examples of Location-Sharing TechnologiesFacebook places
The program for mobile phones allows users to "share where you are with your friends, see where your friends are and discover new places around you," said Mark Zuckerberg, Facebook's CEO at a press conference.
GPS Geotagging Smartphone photosBlip – Blackberry application updates
location every 15 minutes.Latitude – Google app allows you to see
where your friends are and what they are up to.
TCU Information Security Services
Location-Sharing Technologies SecurityMost apps offer privacy controlsBut privacy controls are not always easy
to accessDefaults may be too openKnow what applications you have and
research privacy controls
Recap
Good Habits – common sense
Configure devices securely
Understand what you are protecting
Be aware of new technologies
TCU Information Security Services
TCU Information Security Services
ResourcesTCU Computer Help Desk
817-257-6855Help@tcu.eduhttp://Help.tcu.edu Location: Mary Couts Burnett Library, first
floorInformation Security Services
https://Security.tcu.edu Security@tcu.edu
Recommended