User Responsibilities and Procedures
Password-protect your mobile device: Physical security is a major concern for mobile devices, which tend to be small and easily lost or misplaced. If your mobile device is lost or stolen, a device password may be all that stands in the way of someone reading your email and other sensitive data.
- Choose a strong password. The security of your system is only as strong as the password you select to protect it. Review ISO guidelines for selecting a secure password.
- It may be difficult to type especially complex passwords on the small keypad of some devices, but it is important that you try to choose a strong, effective password that is not easily guessed. See theManaging Your Andrew Password [PDF] document for tips on selecting the best possible password.
Use antivirus software: Mobile devices can be just as susceptible to viruses as desktop computers. This is new terrain for hackers but, industry analysts expect viruses, Trojans, spam, and all manner of scams to grow as the mobile device market grows. A couple of examples encountered to date include the 911 virus which caused 13 million i-mode users to automatically place a call to Japan’s emergency phone number and the PalmOS/LibertyCrack, a known Trojan horse that can delete all applications on a Palm PDA.
A number of vendors offer antivirus and anti-spam solutions. Airscanner, F-Secure, and Trend Mobile are a few examples.
Promptly report a lost or stolen device:
In some cases, as in the case of Carnegie Mellon’s BlackBerry service, a device can be remotely deactivated thus preventing email or other sensitive data from being exposed. Understand what options are available to you and exercise them promptly when necessary. Additionally, consider documenting the serial number of and/or engraving your device.
Verify encryption mechanisms:
Your accounts and passwords should never travel unencrypted over a wireless network. Wireless network traffic can be easily sniffed. Therefore, any sensitive data, especially login information, should always be encrypted. Carnegie Mellon’s VPN service provides encryption for some device types.
Sensitive documents, if stored on the device, should be encrypted if possible (keeping in mind that some devices encrypt stored documents by default).
Disable options and applications that you don't use:
Reduce security risk by limiting your device to only necessary applications and services. You won't need to manage security updates for applications you don't use and you may even conserve device resources like battery life. Bluetooth and IR are two examples of services that can open your device to unwelcome access if improperly configured.
Regularly back up data:
Be sure to have a back up copy of any necessary data in case your mobile device is lost or damaged. Consider using multiple backup mechanisms and if you travel, have a portable backup device that you can take with you.
Follow-up safe disposal practices:
When you are ready to dispose of your device, be sure to remove all sensitive information first. Some services, like Computing Services' BlackBerry service, can help by remotely clearing the device.
Other Precautions: Keep power to your device. If it loses power, all stored information may be erased.
No comments:
Post a Comment