National Cyber Security Awareness Month: Cyber Security for Mobile Devices

October is National Cyber Security Awareness Month. This week’s cyber security article is about mobile devices. Many of today’s mobile devices are computers just like more “traditional” laptop and desktop computers. These devices can store important business and personal information, and may be used to access University systems, email, banking information, work and personal accounts. Where this is the case, they need to be protected like any other computer.

Protecting mobile devices:

• Use a complex password, and be sure your device requires a password to start up or resume activity
• Set it to automatically lock after a short period of inactivity
• Keep it with you or lock it up securely before you step away -- even just for a second
• Don't store sensitive information. Encrypt your device or sensitive contents if you do.
• Don’t store passwords unless they’re encrypted
• Run current versions of the operating system and applications. Remember to sync often so you get available updates. Always install updates when your carrier tells you they are available.
• Beware of phishing: Don’t open files, click links, or call numbers in unsolicited emails, text messages or IMs
• Use anti-virus/anti-malware software, if it is available for your device, and set it to auto-update as frequently as the settings will allow
• If your mobile device has built-in firewall or access control functionality, turn them on. Default settings are typically fine.
• Use known, encrypted networks whenever possible – and always for sensitive data
• Disable or remove apps and plug-ins that you don’t actively use
• Avoid using auto-complete features that remember user names or passwords
• If your device has a web browser, set the browser to block pop-ups. For added privacy, also set the browser to limit the cookies it accepts.
• Securely delete all contents before discarding, exchanging, selling or donating a device
• All devices connecting to UCSC’s network or services must meet UC & UCSC security requirements

Checklist for lost/stolen portable devices:

• Immediately report lost or stolen devices to the police
• Report to UCSC police for campus incidents and local police for off-campus incidents
• If you used the device for work, also report it to the ITS Support Center (contact info below)
• For phones, notify your cellular carrier. Request they deactivate the device if possible.
• Change all passwords stored or used on the device, including email, Dropbox, banking, etc.
• Notify credit card companies and banks if you used the device for shopping or banking
• Try to track its location, if possible
• Try to remotely wipe your device if the remote wipe feature was enabled and the phone contained sensitive data or passwords

Additional precautionary measures – to help protect your data in case of theft or loss:

(not all of the following are available on all devices, and not all are appropriate in every situation)

• Back up or sync your data regularly
• Set your device to erase itself after repeated failed log-on attempts
• Enable remote wipe
• Enable location tracking, keeping in mind the privacy implications. BGR article / Huffington Post article
• Set the device to display a "call if found" phone number

---- 

Additional Information:

• Additional Google security tips: http://gmailblog.blogspot.com/2009/10/gmail-account-security-tips.html and http://www.google.com/goodtoknow/online-safety/
• Additional cyber security information: http://its.ucsc.edu/security/

For questions or assistance, contact the ITS Support Center.