Information Security Training

Thanks for being so Careless (Courtesy of Information Security Services, Arizona Department of Administration)

Securing Mobile Devices

Are you aware of the notebook PC lost with millions of veteran’s personal information on it? How about the Texas contractor that lost a device with over 1.3 million student loan files on it? Mobile devices are everywhere – notebooks, tablet PCs, Personal Digital Assistants (PDAs) and smart phones with increasing storage and performance capabilities that rival yesterday’s desktop.

These devices that can hold large amounts of sensitive information themselves are being used to access the network and gain access to even more information. The potential for financial loss, legal liability and brand damage from unprotected devices is one of the most underestimated risks facing a university or business. Sensitive information stored on removable storage cards, such as MMC and SD, should be protected. Whenever possible, the application data on a device should be encrypted so that it is not easily read and intercepted by another user. Remember that the information (contacts, electronic mail, calendars) on the device is not normally encrypted.

Leaving a device alone will allow someone to grab it and utilize any private   information found on it. Always keep it close or locked up to prevent theft. Also with Wireless and Bluetooth technologies, hackers can intercept or capture your transmissions if not secured. This requires the use of encryption in order to protect data being sent. Utilize the strongest encryption possible (128-bit encryption or better). Any transmissions should utilize some kind of SSL to protect the information being transmitted. More advanced techniques include VPN using IPSec which provides better protection than SSL.

Another threat to mobile devices is viruses or other malicious software. Vendors are many constant efforts to develop security solutions. Therefore, it is advisable to install anti-virus solutions, and keep them updated.

Lastly, there are PC tracking services and software available to provide a means of possible recovery of a lost device. Many of these give piece of mind and for $100 one can protect their $1000 investment.

There are best practices and solutions to protect mobile devices. Some of these include:

• Utilize a PIN or strong password
• Install encryption software for transmitting files and checking email
• Encrypt the device hard drive, storage cards (MMC and SD), and files
• Use biometrics for authentication
• Never leave a device alone or lend it to strangers
• Encrypt sensitive data/information
• Never let programs (i.e. Internet explorer) remember your passwords
• Delete your cookies and temp. internet files on a regular basis
• Use a tracking service or software to recovery stolen mobile devices
• Turn off wireless if not being used
• Disable infrared devices
• Store Notebook PC in a notebook PC safe
• Engrave Notebook PC with personnel information
• Have a copy of the Notebook’s serial number
• Use firewall, anti-virus, anti-spam, anti-spyware and keep your system patched
• Pay extra attention to laptop at airports and train stations. Never check-in your Notebook PC.

Best Practices for locking down Bluetooth:

• Enable Bluetooth services only when required
• Configure Bluetooth device in “undiscoverable” mode so that the device is not listed in the search listings of other Bluetooth devices
• Use eight alpha-numeric passwords (wherever supported) for pairing
• Do not pair with unknown devices, especially, in public places
• Do not accept files or messages from an unknown device, as this can be dangerous by carrying a virus or worm
• Ensure that the Bluetooth display name of the mobile device does not suggest your identity
• Unpair the device from your mobile device, in case the other device is stolen

Want more?

• Top Nine Tips on Securing Mobile Devices
• Bluefire Security Products
• Improve Device Security
• F-Secure Anti-Virus
• Best Practices for Securing Mobile Computing Devices
• CompuTrace - Notebook Tracking Service
• Lo-Jack Notebook Tracking Software
• Locking Down the Laptop
• Cyber Angel

If you need further assistance, email infosec@towson.edu for help.

Information Security Office
Office of Technology Services
Cook Library, 4
Hours: Monday - Friday, 8:30 a.m. to 4:00 p.m.
E-mail: infosec@towson.edu