CSI: UW Episode 4
The Scene of the Mobile Device Crime
SCENARIO 1 : You're at the airport, and you put your laptop and smart phone through the scanner. Someone grabs them and runs before you pass through. Your stolen laptop and phone contain your personal banking information and account access, and your devices weren’t locked.
SCENARIO 2 : You’re in the library with your mobile device and you get up to grab a book off the shelf. When you return your device is gone. It contains enough information for someone to steal your identity.
These are just 2 possible scenarios in which thieves or unauthorized users could get access to sensitive and/or personal information on your mobile device. How could access to your information be prevented? Here are some tips for keeping your machine more secure and preventing unauthorized access.
Your Mobile Device
If your mobile device is stolen and/or accessed by an unauthorized user, it can be a disaster. Here are some tips to protect your laptop and your data.
- Never leave your laptop or mobile device unattended. Even if you are gone for just a minute or two, that is ample time for someone to see and take your device.
- Record your device’s serial number. This is vital information that can be provided to the police if your device is stolen.
- Use a strong password. A strong password can stop others from accessing your files and hard drive. See episode Lock & Key.
- Do not have your browser remember passwords. If your browser remembers them, anyone who gains access to your computer can gain access to the sites you visit.
- Consider purchasing insurance. If your device is insured or covered under your or your parents’ homeowner’s insurance policy, you can recoup some of the loss of the device. Backup all important data daily. If your device is stolen you will have a copy of the information it contained.
- Don’t store sensitive or personal information on the device. Save as little as possible on the device itself. If you are traveling with your mobile device, only load the files you need during your trip. Sensitive information for business related activities should remain on UW servers. Use VPN to get to them from afar. Personal information such as passwords, credit card information, and other sensitive files should not be stored on the mobile device if it can be avoided.
- Encrypt your hard drive contents. Windows contains the Encrypting File System (EFS) which allows you to encrypt files and folders on your computer. EFS should only be used on personally owned computers not connected to UW’s network. You can also use the TrueCrypt product for more secure encryption on your computer. Linux users can encrypt their drives using a variety of products available on the web. Mac OS X users can use FileVault to encrypt their hard drive data. You should back up your personal encryption certificates and keys to disk or CD and store them in a safe location. Warning!: If you forget your password, your data can be lost forever! *
- Be cautious of public use wireless and hardwired networks. If a wireless network does not include security, a huge potential for data theft exists. If you are in a public area on a wireless network such as a hotel or cafe, never login to sensitive web sites unless the site is using a Secure Socket Layer (SSL) designated by HTTPS. Be wary of using a VPN client unless you know all network traffic is encrypted. For further information on VPN at UW go to the WyoSecure VPN page (www.uwyo.edu/infotech/services/network/vpn/).
- Contact the Police. In the event of a theft, be sure to report it to the UW Police at (307) 766- 5179.
Laptop Security software
In addition to the steps listed above, users can also install an open source product named Prey. Prey allows you to track and secure your mobile device if it has been lost or stolen.
With Prey, you can
- Track a device with using the device's GPS or Wi-Fi triangulation
- Force a lockdown of the device to prevent access
- Capture screen shots of whatever is currently active on the device
- Capture images using the web camera of the device
*Information Technology is unable to provide support for, or recovery from, encrypted file systems at this time. IT is working to implement system utilities that will provide a backup for lost keys for supported Windows Operating Systems.