- Lock Your Device - A lost or stolen smart phone or tablet may ruin your day with having to find those contacts again, the money you spent, etc... Now think about this. What information do you have on your phone or tablet that may ruin your research, department, or University if it were to fall in the hands of someone else? Would an email that is in your account cause NDSU to be out of compliance? Do you have a password saved for your bank account? A key combination, swipe pattern, or password would eliminate a lot of worry.
- Apps! - They are the coolest things that smart phones and tablets have come up with; little bits of code that check your mail, report trending topics, calculate your gas milage, or show you where Jupiter is located right now. Know where your apps come from, most phones and tablets have their own place to purchase and install applications for your device. Make sure that you read what the app is going to have access to, what the app is going to report, and costs associated with the app. For the most part these repositories vet the apps before you are allowed to download them, however, its not a bad idea to read several pages of reviews from other customers before installing a strange app on your mobile platform.
- Updates - Every phone or tablet manufacturer performs routine updates, usually several times a year, make sure you do not skip the updates, however, with updates, you may wish to wait a few days after the updates are made public before installing, just so if there are problems with the updates, those are fixed before your device gets them. But make sure that your device remains up to date with it software.
- Smart Tips to Protect Your Device and Your Data
- Configure your mobile device to be secure and safe
- Enable a numerical key, swipe pattern or complex password on your device.
- Set the device to autolock after X number of minutes of inactivity.
- If available, enable remote wipe on your device should it become lost or stolen.In
- Install anti-virus software on the device. Keep the anti-virus software up-to-date.
- Avoid connecting to open or "free" WiFi services such as those in Internet cafe's and coffee shops. Connect to secure WiFi networks where possible. Disable or turn off WiFi when not in use.
- Disable or turn off Bluetooth and infrared features when not in use. When in use, set them to be non-discoverable to render them invisible to unauthenticated devices.
- Keep your device's operating system software and applications that you installed on it current with all patches and updates. Select the automatic update option if available. Most devices will alert you that there are updates that need to be downloaded. Do not ignore the notices. Update all applications and services in a timely manner.
- Avoid storing and transmitting personally identifiable information, work related data, and confidential information from and to your device. If you need to do this, use a secure mechanism such as a VPN for transfer of information and encrypt the information when it is stored on your device.
- Use appropriate methods of sanitization and disposal when you no longer have a use or need your mobile device. Be sure to erase or wipe the data from your device; simply deleting the data will not completely remove it from the device's storage. This is especially important if you trade in the device to upgrade to a better device, give the device to a friend or family member, or sell the device to a third party.
- Use appropriate security measures to protect your mobile device and data from loss or theft.
- Never leave your device unattended. Know its whereabouts at all times.
- If your device should become lost or stolen, report it immediately to the proper authorities.
- If you send and receive NDSU email or store NDSU related data on your mobile device, notify the NDSU Help Desk immediately; they will assist you with remotely wiping the data from the device.
- Back up your data on a regular basis.
- Use care when downloading and installing apps and services to your device. Ensure that you are downloading from a reputable Web site or from the device's "app store."
- Be cautious when opening unsolicited emails, text messages, and when clicking on links or attachments contained in those messages.
- Stay current on emergying threats and vulnerabilities for mobile devices. A good resource for reference is US-CERT.
- Configure your mobile device to be secure and safe
April 15, 2014
The Internet was stunned to learn of a significant vulnerabilty to security this last weekend. OpenSSL, an application that is used by software and services throughout the Internet for authorization of legitimate websites was found to have a core flaw. Essentially anyone from anywhere could send a specially crafted packet to a service or site using OpenSSL, asking if the server is still accepting communications and the server would return up to 64 Kilobytes of what was in its memory at the time of request. This return could be username and passwords, or documents, or even security certificates. The OpenSSL foundation responded and fixed the core code of OpenSSL, but there are still hundreds of thousands devices, or services that still are running the old version of the software. Please check for updates on your devices, and change any passwords for sites you maybe concerned about. However, only change those passwords after a site has patched their services, and revoked their old security certificate and created a new one.
December 5, 2013
Over 2 Million passwords to popular webpages discovered.
In Mid June, Trustwave Spiderlabs researchers were able to view information in the Pony Botnet controller that indicated that there were over 650,000 website credentials that had been harvested by this particular botnet, which, is fairly widespread. On Tuesday they announced that upon a more detailed look that over 2 million passwords have been harvested by this botnet. Many of these services have now been notified and they are taking corrective action on those accounts that have been compromised.