CERT mailing list archives

Previous By Date Next
Previous By Thread Next

Cyber Security Tip ST04-020 -- Protecting Portable Devices: Data Security

From: US-CERT Security Tips <security-tips () us-cert gov>
Date: Thu, 28 Jan 2010 16:42:02 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                            Cyber Security Tip ST04-020
                     Protecting Portable Devices: Data Security

   In addition to taking precautions to protect your portable devices, it is
   important to add another layer of security by protecting the data itself.

Why do you need another layer of protection?

   Although there are ways to physically protect your laptop, PDA, or other
   portable device (see Protecting Portable Devices: Physical Security for more
   information), there is no guarantee that it won't be stolen. After all, as
   the name suggests, portable devices are designed to be easily transported.
   The theft itself is, at the very least, frustrating, inconvenient, and
   unnerving, but the exposure of information on the device could have serious
   consequences. Also, remember that any devices that are connected to the
   internet, especially if it is a wireless connection, are also susceptible to
   network attacks (see Securing Wireless Networks for more information).

What can you do?

     * Use passwords correctly - In the process of getting to the information
       on your portable device, you probably encounter multiple prompts for
       passwords. Take advantage of this security. Don't choose options that
       allow your computer to remember passwords, don't choose passwords that
       thieves  could easily guess, use different passwords for different
       programs, and take advantage of additional authentication methods (see
       Choosing and Protecting Passwords and Supplementing Passwords for more
       information).
     * Consider storing important data separately - There are many forms of
       storage media, including CDs, DVDs, and removable flash drives (also
       known as USB drives or thumb drives). By saving your data on removable
       media and keeping it in a different location (e.g., in your suitcase
       instead of your laptop bag), you can protect your data even if your
       laptop is stolen. You should make sure to secure the location where you
       keep  your data to prevent easy access. It may be helpful to carry
       storage media with other valuables that you keep with you at all times
       and that you naturally protect, such as a wallet or keys.
     * Encrypt files - By encrypting files, you ensure that unauthorized people
       can't view data even if they can physically access it. You may also want
       to consider options for full disk encryption, which prevents a thief
       from  even starting your laptop without a passphrase. When you use
       encryption, it is important to remember your passwords and passphrases;
       if you forget or lose them, you may lose your data.
     * Install and maintain anti-virus software - Protect laptops and PDAs from
       viruses the same way you protect your desktop computer. Make sure to
       keep your virus definitions up to date (see Understanding Anti-Virus
       Software for more information). If your anti-virus software doesn't
       include anti-spyware software, consider installing separate software to
       protect against that threat (see Recognizing and Avoiding Spyware and
       Coordinating Virus and Spyware Defense for more information).
     * Install and maintain a firewall - While always important for restricting
       traffic coming into and leaving your computer, firewalls are especially
       important if you are traveling and using different networks. Firewalls
       can  help  prevent  outsiders  from  gaining  unwanted access (see
       Understanding Firewalls for more information).
     * Back up your data - Make sure to back up any data you have on your
       computer onto a CD-ROM, DVD-ROM, or network (see Good Security Habits
       and Real-World Warnings Keep You Safe Online for more information). Not
       only will this ensure that you will still have access to the information
       if your device is stolen, but it could help you identify exactly which
       information a thief may be able to access. You may be able to take
       measures to reduce the amount of damage that exposure could cause.
     _________________________________________________________________

     Authors: Mindi McDowell, Matt Lytle
     _________________________________________________________________

     Produced 2004 by US-CERT, a government organization.

     Note: This tip was previously published and is being
     re-distributed to increase awareness.

     Terms of use

     http://www.us-cert.gov/legal.html

     This document can also be found at

     http://www.us-cert.gov/cas/tips/ST04-020.html

     For instructions on subscribing to or unsubscribing from this
     mailing list, visit 
 
     http://www.us-cert.gov/cas/signup.html.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBS2ICby/E9ke+6HGsAQJxpgf/bJCLLtkwq2nuOYA9wS9mHEpXXxtW0hE/
/ksOJ8iLuu2NGE/vomdMoLnl4UqW4xKJm1/YvJzDSb+Ygc6cT7v5OS5JP3co25tv
nK4uJ5y2w5b9ZgZV8r3GRwOajrwwH4ftmwvlJMRXCoouzTTu5V6GgAwuY5Yoxjol
btfdvnNnc6AZ/rIrqDaxEEpMu69H3C1r2ID7BisjkZd8KKt8C1QJwyt4aTqYJMJr
51kozDgCEEtKnaB8HiAAM0IArJfuFBmd8QinWf3yl0Kgko+lBCgQ39XqysR+06DB
dTMiXyvaEV/TPq0qUlOxtym1mAnGK6uer6V5RNN5QBV8laGm/NE1dA==
=fs5z
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: