Portable Data Device Security Best Practices
Why do we use mobile devices?
- Large capacity
- Easy to use
Risks using mobile devices
- Easy to steal
- Easy to misplace
- Easy to gain access to information through wireless or plain grab and run
- Devices are used to collect all kinds of information
What kinds of information are at the risk of being compromised?
- Confidental information
- Financial information like:
- Personal - Banking information
- Corporate - Customer credit card information
- Student grades
- Health data
- Social Insurance Numbers
- Meeting minutes
- Unpublished research drafts
- Staff member reviews
- Personal contact information like:
- Phone numbers
- Email lists
- Decryption keys and passwords
What can be done?
Ask yourself “Is it really necessary that I transport this sensitive information?” . If the answer is no, then do not copy the information. If it is mandatory that you have to transport information considered to be sensitive, some basic steps are needed to ensure that mobile information is maintained with the highest integrity.
If you're unsure how to proceed forward following these practices, please consult WTS for further assistance.
Whenever using mobile data, always keep in mind the question: What could happen if an unauthorized person gained control of this information? Look for and try to use the most secure methods for handling data:
A list of products currently in use around campus:
- Choose a strong password.
- Enable the password-locking feature of the screensaver on laptops.
- Passwords should never be written down, especially not next to the computer.
- Do not use the same password for everything that requires a password. Do not use your work password for your personal banking password etc.
- Use encryption - Passwords alone should not be your only defense. Always try to use as many security methods as possible, including encryption of data.
- If you must transport sensitive information, use encryption software to encrypt the information effectively and securely.
- Be sure to know the proper password and method to un-encrypt the information. Decryption keys locked in safes, safety deposit boxes, or otherwise stored in a safe location can help prevent a data loss catastrophe. Encrypted information cannot typically be recovered.
- Encryption will not make any difference if there are hard copies of the information in the same case as the stolen laptop.
- ALL sensitive data should be encrypted, including sensitive information on hard drives, USB devices, CD’s, cell phones, etc.
- Wherever possible, use the most secure method available to communicate on the network. When working from off-campus, use Western ROAMs. When using wireless on campus, use the UWOSecure-v2 network.
- Make frequent and necessary backups of data, in the event that data is lost. Have a Personal Disaster Recover Plan.
- If you have a laptop, but are not using the wireless card turn it off.
- Lock the keyboard when you step away from a computer or mobile device.
- Make use of the Campus Community Police Service program to mark electronic devices.
- Do not make your laptop or handheld device an obvious target for theft. Put your laptop case in a knapsack or gym bag.
- Put them in the trunk of your car before you arrive at your destination - out of sight, out of mind.
- Do not leave your equipment in a cold car overnight, and if you do, when you bring it into a warm environment, give it some time to warm up. Likewise, do not leave equipment in a hot car during the summer.
- Be cautious with food and drink around your portable devices. Spills and crumbs can quickly destroy electronics.
- Scan periodically for viruses/ spyware/ trojans etc.
- Backup data.
- Protect your computer.
Published on and maintained in Cascade CMS.