Security and Personal Information
Your mobile computer and portable device may contain information such as location tracking, personal contact data, tax returns, social security information, bank accounts and other important files that are convenient for you. The mobility, technology and information that make smart phones, tablets, netbooks, laptops and other mobile computing devices so useful to employees and organizations also makes them valuable prizes for thieves.
Three reasons to secure your mobile device are to protect:
- Your information
- Your identity
- Your privacy
There are options, both free and paid, that can keep your information safe even if someone walks off with your laptop or breaks into your device. If possible, device encryption should be deployed. The use of encryption requires key management and must be managed by either yourself or your department. If possible, password protect or otherwise protect the entry to the device. Consider enabling location tracking and remote wiping, but also consider your privacy and tracking when you make the decision to enable location-based services. If you are using a device funded by Oakland University, login password protection, passcode locks, auto-lock and location services should be enabled.
It is your responsibility to understand the risks and be proactive in keeping your mobile device secure. The question you need to consider is what type of data you are storing on your mobile device and why it is there. There is no foolproof way to prevent a mobile device from being stolen, lost or otherwise compromised by an intruder.
Contact the Helpdesk if you have questions or comments about how we can help you learn more about how to secure your mobile computer.
Frequently Asked Questions
Are there guidelines for securing my mobile device?
We recommend following guidelines from Internet2
What are the risks for a lost or stolen laptop, smartphone or other computing device?
Only you can determine what is actually at risk. Here are some common risks:
- The risk that confidential or sensitive information is lost or stolen.
- The risk of identity theft.
- The risk to gain unauthorized access to private networks.
- The associated costs and business interruptions of laptop and data loss.
- The threat of litigation and public embarrassment if confidential information from a third party is lost or stolen.
What types of mobile devices need security?
Mobile devices include laptop computers, smartphones (BlackBerrys, iPhones, Palm Pres, etc), PDAs (personal digital assistant) or any handheld computing device. Mobile devices that may store data include USB flash drives, external hard drives, CDs (compact disk), and DVDs (digital video disk).
The available technology for devices other than laptops is often insufficient to assure security and a good reason to not store confidential data on these types of devices.
Do I have to secure my personal computer if I use it for University business?
Yes, you are responsible for implementing security measures to protect the data on any device (university owned or personally owned) that is used to access and/or store confidential university data. We recommend that university data not be stored on any device not owned by the University. Please review the Information Security Policy #860 before storing any university data on a device not owned by the University.
What is encryption?
Encryption is the process of converting data into a format that is unreadable so it is protected against everyone except those with a special key. There are two options:
- Encrypting individual files and/or directories
- Encrypting an entire disk
University Technology Services recommends full disk encryption.
What types of data need to be encrypted?
Data that are specifically restricted from open disclosure to the public by law are classified as “Confidential Data” and require a high level of protection against unauthorized disclosure, modification, destruction, and usage.
Examples of confidential data include, but are not limited to:
- Social security numbers
- Credit card numbers
- Official student grades
- Financial aid data
- Research data
- Drivers license numbers
- Individuals’ health information
Some data are federally protected under laws like the Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act (HIPAA). For more information, read the Information Security Policy #860.
What type of encryption solutions are available?
Encryption software is available either paid or free software. The use of encryption requires key management and must be managed by either yourself or your department. Encryption key management is not the responsibility of University Technology Services.
- Encrypting File System (EFS) is the built-in file/folder encryption solution available for Windows XP.
- File Vault is the built-in file/folder encryption solution available for Macs.
- Bitlocker is the built–in full disk encryption available only on Windows Vista.
- TrueCrypt is free open-source disk encryption software for Windows Vista/XP, Mac OS X and Linux. Please contact the Helpdesk for assistance on installation of Truecrypt software on your laptop.
- SecureDoc is a third party paid encryption solution that provides full-disk encryption for Windows, Mac, and Linux.
- PGP is a third party paid encryption solution for Macs and Windows. PGP also offers mobile encryption solutions.
How do I protect my activities on a wireless network?
You can protect your wireless network by enabling WEP (Wireless Equivalent Privacy) or WPA (Wireless Protected Access) encryption. WPA2 is the newest and highest level of encryption available. The encryption scrambles data on your wireless network so that only computers that have the encryption key can read your communications.
Refer to the owner's manual for your wireless router or access point to determine how to enable and configure encryption for your device. Once you enable encryption on your router or access point, you will need to configure your wireless network devices with the proper information to access the network.
Is fingerprint recognition software a recommended security measure?
There are many vendors who promote fingerprint recognition as a security measure. Fingerprint identity protection software does provides an additional layer of security.
Microsoft does not promote their built in fingerprint reader as a security device, but rather a convenient tool for those who want a fast way to log on without having to remember user names and passwords. The Microsoft website warns that the fingerprint reader should not be used to protect sensitive data but used to alleviate password memorization.
What are some best practices for securing a mobile device?
The following best practices are easy to implement and inexpensive ways to secure your mobile device:
- Keep patches up-to-date on operating systems — Whenever a security issue comes to light, the software maker issues an update or a patch. This reduces the possibility that a system can be compromised. If the computer is on the University domain environment then these patches are maintained through group policy.
- Remove Files — Clear temporary Internet files (cache), cookies, and browsing history after Internet usage. Each Internet browser is different see help from the menu bar on how to remove these files.
- Do not store passwords — There is security risk in letting your Internet browser save your passwords. The AutoComplete feature can save Web addresses, form data, and access credentials such as usernames and passwords. Learn how to turn off this feature within the browser help menu.
- Use password protection — Enable the password locking feature and change the password regularly. Choose a strong password - one that is at least eight characters, including a mix of numbers and letters. A long idle time allows someone walk away with a laptop and still have access to all its contents. To minimize this risk, enable a password request after five minutes of inactivity.
- Set-up a personal firewall — Configure your device to enable firewall protection. Firewall software blocks unwanted network communication with your computer. Both Microsoft and Apple provide firewall protection on their operating systems.
- Adjust the wireless security settings — When using wireless connections adjust the security settings on your device to the strongest settings.
- Lock the device — Avoid leaving unsecured laptops or mobile computing devices unattended. Purchase locking cables and lock the device to a heavy non-movable object or store the device in a secure location. If they must be left in a vehicle, they should be covered up or locked in the trunk. If you must occasionally leave a laptop or other mobile device in a car or other location, you must have full encryption enabled on the device.
- Alarm the device — If the laptop is moved or handled without authorization, the system will give a warning signal. There are many different kinds of alarm systems. The simplest ones are integrated into the cable lock, which, if broken, will start the alarm. These alarms can be purchased at office supply stores
- Encrypt your data — Assess and evaluate the data stored on your device and use the appropriate encryption method or invest in advanced data protection. Leverage advanced data protection technology to remotely wipe sensitive information in the event that your computer is lost or stolen.