Cyber security extends beyond traditional desktop and laptop computers; it also includes:
- Mobile phones
- Personal digital assistant (PDAs)
- Car navigation systems, etc.
Safeguard your portable devices to protect both the machine and the information it contains.
- All electronic equipment using some kind of computerized component is vulnerable.
- Risk increases if device is connected to the Internet or a network where an attacker can gain access.
- Wireless connections are also vulnerable to attackers gaining access to your device; they can send information to or extract information from your device.
Only you can determine what is actually at risk. Ask yourself, “What information on my device do I not want anyone to have access to?”
If a thief steals your electronic device, all of the information stored is at risk, as well as any additional information that could be accessed as a result of the data stored on the device itself. Even if there isn’t any sensitive corporate information on your laptop or PDA, think of the other information: information about appointments, passwords, email addresses and other contact information, personal information for online accounts, etc.
Physical Device Security – Protect the Machine
In a home or official office setting, you may be able to control who has physical access to your electronic devices. However, traveling with a portable electronic device has a greater risk of being stolen, which means additional steps must be taken to protect the information on these devices.
- Remember physical security – Having physical access to a device makes it easier for an attacker to extract or corrupt information. Do not leave your device unattended in public or easily accessible areas.
- Keep your portable electronic device with you at all times – When traveling, laptops, PDAs or cell phones should never be checked with other luggage or stored in a temporary airport or train station storage locker, but should be part of your carry-on baggage that will stay with you at all times.
- Hand-carry portable electronic devices securely. Don’t put mobile phones or PDAs in the external pockets of your bag or purse; keep it inside. If you keep your mobile or PDA on a belt, use a case. It is more difficult to remove the case from your belt unnoticeably.
- Never give your electronic device to someone you do not know. Do not allow an unfamiliar person access to your device even if it is just to carry it to your hotel room or place a call on your cell phone.
- Downplay your electronic device. Avoid using your portable device in public areas, and consider non-traditional bags for carrying your laptop.
- Consider an alarm or lock – If you travel often or will be in a heavily populated area, you may want to consider investing in an alarm for your laptop bag or a lock to secure your laptop to a piece of furniture.
- Identify and label electronic devices. Place a decal or mark device (such as engraving) that will be difficult to remove. Record all serial numbers and other identifying information and keep a hard copy of the information in two different locations.
- Secure wireless networks. Place wireless base stations away from outside walls in order to minimize transmission of data outside of building.
Data Security – Protect the Information
- Password-protect your device. Follow proper password management for all electronic devices. Make sure that you have to enter a password to power-up and log in to your computer or electronic device. Enable timeout mechanisms that automatically prompt for a password after a period of inactivity. Do not choose options that allow your device to remember your passwords.
- Turn off all communication ports during periods of inactivity
- Disconnect your computer from the Internet when you are not using it. Your device is at a much higher risk for being targeted by attackers and viruses if always connected to the Internet.
- Disable remote connectivity – Some PDAs and phones are equipped with wireless technologies, such as Bluetooth, that can be used to connect to other devices or computers. Disable this function when not in use.
- Evaluate your devices’ security settings. Most software, including browsers and email programs, offers a variety of features that you can tailor to meet your needs and requirements. Increase web browser security settings to High and limit or disable plugins.
- Physical access to computing facility. Depending on the country you’re working in, it is not always possible to dictate what employees can do or where they can go. For example, in certain countries it is not permitted to log the fact that a specific person accessed a specific data set at a certain time on a certain date, because such a log could be misused to inappropriately monitor his/her work habits, speed, productivity, etc. Likewise, in some countries, there are resident fire marshals in the facility who do not work for the enterprise, but are authorized access to each and every part of the physical facility. Factors such as these must be understood and carefully planned for.
Computer Theft
It is obvious to a knowledgeable observer by the distinctive shape of the carrying case and the special care taken by the owner, when a person is carrying a computer. The laptop is a clear target for its intrinsic value, and a ready market for stolen equipment and the computer’s compact size make the theft a very lucrative, low risk venture for the criminal. The loss or theft of a laptop poses a significantly greater risk of valuable information loss than ever experienced in the past, because of how much information can be stored on it.
What can you do if your electronic device is lost or stolen?
Report the loss or theft to the appropriate authorities. These parties may include representatives from law enforcement agencies, as well as hotel or conference staff. If your device contained sensitive corporate or customer account information, immediately report the loss or theft to your organization so that they can act quickly. For cell phones, call your service provider and suspend your account immediately.
