CERT mailing list archives

Previous By Date Next
Previous By Thread Next

Cyber Security Tip ST04-017 -- Protecting Portable Devices: Physical Security

From: US-CERT Security Tips <security-tips () us-cert gov>
Date: Thu, 3 Dec 2009 15:36:38 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                         Cyber Security Tip ST04-017
               Protecting Portable Devices: Physical Security

   Many computer users, especially those who travel for business, rely on
   laptops and PDAs because they are small and easily transported. But while
   these characteristics make them popular and convenient, they also make them
   an ideal target for thieves. Make sure to secure your portable devices to
   protect both the machine and the information it contains.

What is at risk?

   Only you can determine what is actually at risk. If a thief steals your
   laptop or PDA, the most obvious loss is the machine itself. However, if the
   thief is able to access the information on the computer or PDA, all of the
   information stored on the device is at risk, as well as any additional
   information that could be accessed as a result of the data stored on the
   device itself.

   Sensitive corporate information or customer account information should not
   be accessed by unauthorized people. You've probably heard news stories about
   organizations panicking because laptops with confidential information on
   them  have  been lost or stolen. But even if there isn't any sensitive
   corporate information on your laptop or PDA, think of the other information
   at risk: information about appointments, passwords, email addresses and
   other contact information, personal information for online accounts, etc.

How can you protect your laptop or PDA?

     * Password-protect your computer - Make sure that you have to enter a
       password to log in to your computer or PDA (see Choosing and Protecting
       Passwords for more information).
     * Keep your laptop or PDA with you at all times - When traveling, keep
       your laptop with you. Meal times are optimum times for thieves to check
       hotel rooms for unattended laptops. If you are attending a conference or
       trade  show, be especially wary—these venues offer thieves a wider
       selection of devices that are likely to contain sensitive information,
       and the conference sessions offer more opportunities for thieves to
       access guest rooms.
     * Downplay your laptop or PDA - There is no need to advertise to thieves
       that you have a laptop or PDA. Avoid using your portable device in
       public  areas, and consider non-traditional bags for carrying your
       laptop.
     * Be aware of your surroundings - If you do use your laptop or PDA in a
       public area, pay attention to people around you. Take precautions to
       shield yourself from "shoulder surfers"—make sure that no one can see
       you type your passwords or see any sensitive information on your screen.
     * Consider an alarm or lock - Many companies sell alarms or locks that you
       can use to protect or secure your laptop. If you travel often or will be
       in a heavily populated area, you may want to consider investing in an
       alarm for your laptop bag or a lock to secure your laptop to a piece of
       furniture.
     * Back up your files - If your portable device is stolen, it's bad enough
       that someone else may be able to access your information. To avoid
       losing all of the information, make backups of important information and
       store the backups in a separate location (see Good Security Habits for
       more  information).  Not only will you still be able to access the
       information, but you'll be able to identify and report exactly what
       information is at risk.

What can you do if your laptop or PDA is lost or stolen?

   Report the loss or theft to the appropriate authorities. These parties may
   include representatives from law enforcement agencies, as well as hotel or
   conference staff. If your device contained sensitive corporate or customer
   account  information,  immediately  report  the  loss or theft to your
   organization so that they can act quickly.
     _________________________________________________________________

     Author: Mindi McDowell
     _________________________________________________________________

     Produced 2004 by US-CERT, a government organization.

     Note: This tip was previously published and is being
     re-distributed to increase awareness.

     Terms of use

     http://www.us-cert.gov/legal.html

     This document can also be found at

     http://www.us-cert.gov/cas/tips/ST04-017.html

     For instructions on subscribing to or unsubscribing from this
     mailing list, visit http://www.us-cert.gov/cas/signup.html.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSxgfZNucaIvSvh1ZAQIrtwf/bcFJd/Nk/TDKyuo5e50sEIwhnWji1a9x
Uxf6c+aWxHBpw9yjljIIHRF2IKsahoF6Lu7DsPjTUj/L2z9AVLMOb9e6qkAc0/sG
dZ7bKG6oSBSbRCb6JfEvMQHNnX+R+OHCcyw+J/kgDV1aP8jEAK+wDSXbe66elw/k
tF0uK/oGgrQ/d/mCvV0M2FejTZUpU6VetBI+HL7p81tsnQHCi5vJTyeSgvT7uOVd
0PS6nOGwZB/SsVsCvZNtEz00rh1Efgy3eqL4wsrSDK9U7dj5tjCR3G7F2E0qi7G9
iG9Yr6MYlwgRnyM/idMzyvCmXKz6tSolugLJ3Ep2Jnvcfcv8BptsnQ==
=PO98
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: