Laptops and cellphones were once the sole domain of high-powered business executives, but thanks to the proliferation of high-speed internet and falling hardware prices, they are pervasive not only in professional environments, but in just about any walk of life. As you can probably guess, this also means an exponentially expanded attack surface for cyber criminals who are no longer focusing on traditional targets. Anyone who has a bank account or credit history is a potential victim, and younger targets can be exposed to potentially dangerous privacy invasions. Rather than enumerate the various ways in which your security and safety could be violated (we all have enough nightmares as it is), I’d like to focus on some positive actions you can take to make your mobile, digital life safer and more secure.
- Password protect your devices.
Even the most careful professional will misplace their mobile device on occassion. While passwords won’t stop determined hackers, it will keep most everyone else out until it can be recovered or remotely wiped. Laptops normally do not have remote wiping capabilities, so don’t stop at just a password for protecting these types of devices. - Use built-in apps, or purchase location-tracking software.
Late-model Android and iOS devices have location tracking and recovery capabilities built-in, but they must be enabled. You can add location tracking or a “phone-home” program to your laptop, but it requires the device to be connected to the internet in order for it to report its location. - Don’t store sensitive information on mobile devices.
With any portable device, the chance of it falling into the wrong hands is high. If you don’t have an IT department managing your device and controlling what can be stored on it, you should inventory what is stored on the device (sensitive client info, photos, personal financial data, passwords) and consider whether you need that information to be stored on that device. If you do, make sure you observe #4. - Encrypt any storage media.
All late-model Android and iOS devices have the capability to encrypt all data stored on the phone. It’s on be default on iPhones, but must be enabled manually on most Android devices. If you have to store sensitive data on your mobile device, make sure encryption is enabled and working. While it’s not completely necessary to encrypt your entire laptop hard drive, it is possible, and many financial service firms require it on their laptops. At minimum, store your sensitive data in an encrypted partition or folder, or on an encrypted thumb-drive. - Back up your data.
Do I even need to qualify this particular practice? Backups should be stored separately from the hardware being backed up. It should be transmitted and stored encrypted if it’s internet/cloud based. It should be as frequent as the minimum period of data loss you are willing to lose, e.g. if you can’t stand to lose an hours worth of work, your backups should run on an hourly basis. Be aware of the performance hits this may have on your hardware and network bandwidth. - Hide devices in parked cars or take them with you.
Mobile device thefts from parked cars is consistently at the top of all loss categories. Thieves know to target cars coming and going from office parks, universities, airports, and the retail/service businesses near these locations. Before you drive away from your work location to a Happy Hour or a quick bite or some grocery shopping, stow your laptop bag in the trunk or hide it in a hard to access part of the car. Don’t do this when you reach your destination, as the thief may already be there, watching for someone to do just that. If you can’t secure it or hide it properly, take it with you. - Add a leash.
If you are highly mobile and work from many locations, it’s easy to misplace your smaller electronics, and sometimes even laptops. Add a colorful leash to your thumb drives so you don’t forget them, and maybe even consider the same for your phone if you are prone to misplacing it. If you have to take your laptop bag with you to a place where you don’t plan to use it (because of #6), attach the strap to something you will be using at that location, whether it be to your jacket or purse, or even to your leg if you are sitting in a location with lots of noise or distraction. It’s easy to forget work-related tools when you are focused on non-work activities. - Be less conspicuous.
In open public places with crowds, conspicuous use of expensive mobile devices will flag you as a target for bold thieves. I’ve talked with victims whose laptops were pulled right out from under typing hands in a sidewalk cafe or picnic table, and have read numerous reports of smartphones and tablets being grabbed in broad daylight. If you want to work on your device in a busy environment, keep one eye on your surroundings, and place yourself and your device in a position where it will be less easy to snatch by a fleet-footed thief. - Educate your friends and family.
Even though you may be cautious and secure, the people around you can undo your careful preparations with carelessness or even well-meaning intent. Be mindful of everyone around you who might not be as savvy as you in technology, and choose carefully how you interact with them via email, social media, and even device sharing. Work laptops are notorious for being infected by family members who don’t have the same security concerns as you do. Quieting a young child with your smartphone may seem like a good idea at the time, but maybe there is some other way you can entertain them that doesn’t involve your work phone. - Report thefts/losses immediately.
Eventually, it will happen. Whether the device is stolen, damaged or infected and compromised, you should work immediately with the appropriate authorities and professionals to make sure you limit the damage, both to you and your organization, as well as any customers or clients who might be affected. Don’t wait.