October is National Cybersecurity Awareness Month 2019

Welcome to National Cybersecurity Awareness Month 2019. Held every October, National Cybersecurity Awareness Month (NCSAM) is a collaborative effort between government and industry to ensure every American has the resources they need to stay safe and secure online while increasing the resilience of the Nation against cyber threats. 

Themes and Key Messages for October 2019 This year’s overarching theme is “OWN IT. SECURE IT. PROTECT IT.” NCSAM will emphasize the role each individual plays in online safety and stress the importance of taking proactive steps to enhance cybersecurity at home and in the workplace. 

In support of this national cybersecurity initiative Manhattan College will be releasing weekly tips on our blog aimed at raising awareness on this important topic.

“OWN IT.” Understand your digital profile. Internet-based devices are present in every aspect of our lives: at home, school, work, and on the go. Constant connection provides opportunities for innovation and modernization, but also presents opportunities for potential cybersecurity threats that can compromise your most important personal information. Understand the devices and applications you use every day to help keep you and your information safe and secure. 

“SECURE IT.” Secure your digital profile. Cybercriminals are very good at getting personal information from unsuspecting victims, and the methods are getting more sophisticated as technology evolves. Protect against cyber threats by learning about security features available on the equipment and software you use. Apply additional layers of security to your devices – like Multi-Factor Authentication – to better protect your personal information. 

“PROTECT IT.” Maintain your digital profile. Every click, share, send, and post you make creates a digital trail that can be exploited by cybercriminals. To protect yourself from becoming a cybercrime victim you must understand, secure, and maintain your digital profile. Be familiar with and routinely check privacy settings to help protect your privacy and limit cybercrimes. 

Be Secure Online! Refer to Manhattan College's Cyber Safety site for additional resources.

Refer to Manhattan College's Email Signature Knowledge Base 

Article for instructions on how to create your own email signature.

Using a Manhattan College email signature is important because it is the perfect opportunity to brand every message you send. By creating a cohesive email signature for each employee on your team, you create brand recognition in every person to whom your employees sends emails. 

Partially reposted from National CyberSecurity Awareness Month ToolKit 2019

Information Security To Go!

Protect your data and devices when you travel.

Almost 88 million Americans traveled abroad in 2017, and whether for business or personal use, our technology devices seem indispensable during our travels. Unfortunately, traveling with devices also means that you must take care to protect those devices—and the data contained on them—while you are away from home. That preparation begins before you leave, and you may need to restore settings when you return.

Many people love the adventure that traveling provides: meeting new people, seeing new places, and having new experiences are part of the allure. Technology makes it easier than ever to satisfy our wanderlust. We can use our connected devices to discover the exotic locales we wish to visit, book tickets on planes and trains, practice driving virtually, and seamlessly navigate once we get to our final destination. For all this ease that technology brings, we should prepare our technology for travel as carefully as we plan our travel itineraries.

Travel tips

• Back-up your data! Backing up your data ensures that you won't lose information if your device is lost or stolen. Consider encrypting your data as well, but check with your IT support staff first about how best to implement encryption.
• Protect your devices with a strong password or lengthy passcode. Sometimes devices get lost or stolen, even when we are being careful. By protecting your device with a passcode or lengthy password, you make it harder for your device to be used and data to be accessed by others.
• Make sure your devices and applications are up to date. Keep your applications and devices up to date and patched. This helps protect your device and data from security vulnerabilities and threats.
• Just say no to unsecured public Wi-Fi. Having a wireless connection is almost a necessity for the modern traveler. However, using an unsecured public Wi-Fi hotspot can allow others to view the contents of your electronic activity. Never access your sensitive financial accounts from an unsecured network. If you must access sensitive data from an unsecured network, be sure that you use a VPN service.
• Double check your MFA settings. Many of us rely on multifactor authentication (MFA) to secure both personal and work-related accounts. Be sure that you know how (or if) that will work in the countries that you are visiting. For instance, if your MFA relies on SMS, be sure that you will be able to receive that message in the destination that you are visiting. If the option is available to you, consider using a physical token option to ensure you'll be able to login to your accounts.
• Update your physical location with your password vault. Many people use password vaults to manage all of their account passwords. Don't be surprised if your password vault requires additional verification steps when logging into it from a location that is not in your home country. (After all, we count on these vaults to be secure!) Check the vendor documentation or your account settings to make sure that there are no country restrictions or settings that you need to change before your trip. Also double-check that you're able to access your recovery/secondary email address just in case there is an issue.
• Consider leaving your daily devices at home. If you are traveling to a location where you are concerned about your individual privacy rights, consider leaving your primary mobile device at home and purchasing a replacement device to take with you instead. Put only the apps, services, and data that you need for that trip on the device. Some businesses and colleges and universities offer programs where a traveler can check out a "clean laptop" when traveling for business purposes. Using these types of devices help limit any exposure of your personal data. Check your data plan as well. A "burner phone" or car GPS may be cheaper.
• Be smart about posting on social media. It is always fun to post vacation pictures in the moment, but online postings on social networks (e.g., Twitter, Facebook, Instagram, Snapchat, etc.) can let other people know that you are not at home and that your home may be empty. Posting vacation pictures on social media once you are safely home helps protect your physical belongings.
• Use hotel safes to protect your technology. Here's another place where there is an overlap between online safety and physical safety. Just like you would put your passport, jewelry, and money in a hotel safe, consider using that safe to hold your electronic devices when you are not carrying them with you. Not only are the devices themselves expensive to replace, your personal data contained in the device can be irreplaceable (especially if you skipped the first tip on this list).
• Remember your adapters! Make sure you have power adapters that will work with three-prong plugs and that they fit the country's outlets. Some travel adapters only accept two-prong plugs. (If you're attending a conference, you may be able to borrow a charging cable temporarily.) Outlets also vary, even, for example, between the UK and Ireland. Your technology gadgets are not very helpful when they run out of charge or cannot be powered on. Charge and take a portable battery pack.
• Mind your voltage! Like plug types, different parts of the world use different voltages. Make sure that your technology devices can run on the voltage used at your destination. Getting shocked with 220V is not the same as 110V.

As surely as you can reduce wrinkles in your clothing with careful packing, so too can you avoid the most common technology travel woes by preparing before you leave home.

Refer to Manhattan College's Cyber Safety Site site for additional resources.

Refer to Manhattan College's Email Signature Knowledge Base Article for instructions on how to create your own email signature.

From The Barefoot Nomad's How Not to Fry Your Smartphone Overseas: A Quick Guide

Partially reposted from Educause September 2019: Information Security To Go!

Keeping Tabs on Mobile Devices

As we roll out campaigns and educate our community on cybersecurity, we need to help make sure everyone understands and keeps in mind physical security risks. Because of the portability of devices, users have laptops, smartphones, and tablets with them when they are on the go, whether it is a trip to the coffee shop or a trip across the country. Make sure to secure your mobile devices to protect the device and the data it contains. Here are resources to help remind our community not to skip out on physical security!

With an increasing amount of sensitive data being stored on personal devices, the value and mobility of smartphones, tablets, and laptops make them appealing and easy targets. These simple tips will help you be prepared in case your mobile device is stolen or misplaced.

• Secure those devices and backup data! Make sure that you can remotely lock or wipe each mobile device. That also means backing up data on each device in case you need to use the remote wipe function. Backups are advantageous on multiple levels. Not only will you be able to restore the information, but you'll be able to identify and report exactly what information is at risk. (See Good Security Habits for more information).
• Never leave your devices unattended in a public place or office. If you must leave your device in your car, place it in the truck, out of sight, before you get to your destination, and be aware that the summer heat of a parked car could damage your device.
• Password-protect your devices. Give yourself more time to protect your data and remotely wipe your device if it is lost or stolen by enabling passwords, PINs, fingerprint scans, or other forms of authentication. (See Choosing and Protecting Passwords.) Do not choose options that allow your computer to remember your passwords.
• Put that shredder to work! Make sure to shred documents with any personal, medical, financial, or other sensitive data before throwing them away.
• Be smart about recycling or disposing of old computers and mobile devices. Properly destroy your computer's hard drive. Use the factory reset option on your mobile devices and erase or remove SIM and SD cards.
• Verify app permissions. Don't forget to review an app’s specifications and privacy permissions before installing it!
• Be cautious of public Wi-Fi hot spots. Avoid financial or other sensitive transactions while connected to public Wi-Fi hot spots.
• Keep software up to date. If the vendor releases updates for the software operating your device, install them as soon as possible. Installing them will prevent attackers from being able to take advantage of known problems or vulnerabilities. 

Keeping Tabs on Mobile Devices

Partially reposted from Educause July 2019 Keeping Tabs on Mobile Devices

How to Use Social Media for Good—Safely Creating a Positive Presence Online

Our social networks tell a story about us. You want to make sure that the story your social media tells about you is a good one. As articulated in a blog from the the Digital Marketing Institute: "Sharing online allows you to craft an online persona that reflects your personal values and professional skills. Even if you only use social media occasionally, the content you create, share, or react to feeds into this public narrative. How you conduct yourself online is now just as important as your behavior offline."

A positive online reputation is vital in today's digital world. Like it or not, your information is out there. What you can do is help to control it and what it says about you.

Social media is so ingrained in our society that almost everyone is connected to it in some form. With every social media account you sign up for, every picture you share, and every post you make, you are sharing information about yourself with not only your friends and family but the entire digital world. How can you make sure your information and reputation stay safe online? Here are a few easy steps to get you started.

• Keep it clean and positive. Be entirely sure about what you're posting. Make sure to post content that you feel positively reflects you, your creativity, your values, and your skills. Remember that future employers may look at your social media accounts before hiring you. Questionable content can leave a bad impression; this can include pictures, videos, or even opinions that make you seem unprofessional or mean and may end up damaging your reputation.
  Always think before you post or share negative or inappropriate content. Use the 24-hour rule before posting, allowing yourself 24 hours before posting any content that may be questionable to give yourself time to reflect on whether it is a good idea.
• Oversharing and geotagging. Never click and tell. It can seem like everyone posts personal information on social media all the time, including where they are and where they live. As noted on the DHS.gov site: "What many people don't realize is that these seemingly random details are all criminals need to know to target you, your loved ones, and even your physical belongings—online and in the real world. Avoid posting names, phone numbers, addresses, school and work locations, and other sensitive information (whether it's in the text or in the photo you took). Disable geotagging, which allows anyone to see where you are—and where you aren't—at any given time."
  If you really want to post that picture of your friends at brunch, consider following the concept of #latergram and post your content at a later time than when it actually happened. It is a win-win. You get to share your experience and at the same time still maintain the privacy of your location in real time.
• Don't rely on privacy settings. You have a private social media account so you can post anything you want? Nope. Privacy settings make it harder to see your full account, but it's not impossible. Also, there is always the chance that one of the people with access to your private account could screenshot and share the content.
  Make sure to keep your social media apps up to date and check the privacy settings frequently. Under no circumstances should you rely on privacy settings to shield inappropriate content. If there is any question that the content is inappropriate, don't post it.
• Make sure you're professional. Keep it classy! Every post is a reflection of you. Your social media accounts allow you to put your best foot forward or stumble if you aren't careful. A positive social media presence can help create both personal and professional opportunities. Promote your personal brand or what you want people to think of you. And, your high school English teacher was correct—proper spelling and grammar are always a plus.
• Control your content. Claim your identity on social media. Set up social media accounts and keep the profiles current. You don't have to join every platform; a few key ones will do. You can also look into apps that will cross post the content to all of your social media accounts, freeing up some of your valuable time. Use your accounts to engage professionally and personally in a positive way.
  Your social media accounts should tell the story of you that you want employers and others to see. Google your own name on a regular basis to make sure that that information out there is accurate. If you find incorrect information online, request that the website update it or take it down.

If you follow these few simple recommendations, you are on your way to safely building a positive online reputation. Using social media positively doesn't mean you can't have fun and use it to express yourself; however, you want to ensure that you're okay with anyone seeing everything you post. Once you post something online, it's out there forever.

Partially reposted from Educause Security Awareness Campaign 2019 Materials

Data Privacy in an Era of Compliance

January 28 is Data Privacy Day. Data privacy for individuals means reviewing privacy settings on social media, being mindful of entering data into websites, and taking ownership of one's online identity. Data privacy for higher education institutions extends these principles to caring for other people's data, from collection, processing, sharing, and storing to destruction. 

The internet is full of data about you. Whenever you play a game, shop, browse websites, or use any of numerous apps, your activity and some of your personal information may be collected and shared.

Similarly, the business of higher education requires us to collect, process, and store the digital information of others. Whenever we handle such information, we need to think about how we want our own information treated and treat other people's data with the same care and respect.

Protect yourself by following these tips:

• Know what you are sharing. Check the privacy settings on all of your social media accounts; some even include a wizard to walk you through the settings. Always be cautious about what you post publicly.
• Guard your date of birth and telephone number. These are key pieces of information used for identity and account verification, and you should not share them publicly. If an online service or site asks you to share this critical information, consider whether it is important enough to warrant it.
• Keep your work and personal presences separate. Your employer has the right to access your email account, so you should use an outside service for private emails. This also helps you ensure uninterrupted access to your private email and other services if you switch employers.

Protect the information, identity, and privacy of others by following these tips:

• Know what policies are in place at your institution. A privacy policy governs how the institution collects, processes, stores, and deletes the personal data of constituents; a data classification policy governs how the institution organizes the data it interacts with and what rules are in place for processing it; and an information security policy articulates how the institution governs and prioritizes information security activities. For reference please review the Manhattan College Data Security Policy
• Keep constituents' personal information confidential and limit access to the data.
• Only use data for its intended purpose. If you need to use data for another reason, always check relevant resources and policies first for guidance.
• Destroy or de-identify private information when you no longer need it.

Partially reposted from: Educause Blog January 2019: Data Privacy in an Era of Compliance

Step Up to Stronger Passwords

Weak and reused passwords continue to be a common entry point for account or identity takeover and network intrusions. Simple steps and tools exist to help your end users achieve unique, strong passwords for their dozens of accounts. Help your community members improve their individual and collective security by sharing the following tips.

A password is often all that stands between you and sensitive data. It’s also often all that stands between a cybercriminal and your account. Below are tips to help you create stronger passwords, manage them more easily, and take one further step to protect against account theft.

• Always: Use a unique password for each account so one compromised password does not put all of your accounts at risk of takeover.
• Good: A good password is 10 or more characters in length, with a combination of uppercase and lowercase letters, plus numbers and/or symbols — such as pAMPh$3let. Complex passwords can be challenging to remember for even one site, let alone using multiple passwords for multiple sites; strong passwords are also difficult to type on a smartphone keyboard (for an easy password management option, see “best” below).
• Better: A passphrase uses a combination of words to achieve a length of 20 or more characters. That additional length makes its exponentially harder for hackers to crack, yet a passphrase is easier for you to remember and more natural to type. To create a passphrase, generate four or more random words from a dictionary, mix in uppercase letters, and add a number or symbol to make it even stronger — such as rubbishconsiderGREENSwim$3. You’ll still find it challenging to remember multiple passphrases, though, so read on.
• Best: The strongest passwords are created by password managers — software that generates and keeps track of complex and unique passwords for all of your accounts. All you need to remember is one complex password or passphrase to access your password manager. With a password manager, you can look up passwords when you need them, copy and paste from the vault, or use functionality within the software to log you in automatically. Best practice is to add two-step verification to your password manager account. Keep reading!
• Step it up! When you use two-step verification** (a.k.a., two-factor authentication or login approval), a stolen password doesn’t result in a stolen account. Anytime your account is logged into from a new device, you receive an authorization check on your smartphone or other registered device. Without that second piece, a password thief can’t get into your account. It’s the single best way to protect your account from cybercriminals.

**Please note: this option is not available for Manhattan College accounts but should be considered for external (personal) accounts.

How to pick a proper password.

Partially reposted from http://er.educause.edu/blogs/2016/11/may-2017-step-up-to-stronger-passwords

Where is Your Student Data Stored and How is it Being Secured?

Best Practices to Guard against Cyber Threats, Especially from Third-Party Vendors

By John Ramsey
National Student Clearinghouse Chief Information Security Officer

The National Student Clearinghouse, EDUCAUSE and the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) released today the white paper, “Cybersecurity: Why It Matters to Registrars, Enrollment Managers and Higher Education,” to kick off October as National Cybersecurity Awareness Month.

Registrars and enrollment managers play central roles in an institution’s cybersecurity posture. The choices they make each day directly affect student data security. Yet there can be a disconnect between that data’s primary custodians and the information technology (IT) department that manages the systems on which the information is stored. It is imperative that both the registrar’s office and enrollment management office are in lockstep with the IT department with respect to the institution’s cybersecurity efforts, to guard against cyber threats, especially from third-party vendors.

Also, if administrators are using third-party vendors, where is student data stored and how is it being secured? If registrars and enrollment managers do not know, it’s time to find out. This is the only way they can fulfill their responsibility as a careful steward of student data.

The most important cost to keep in mind is the long-term cost that students face after they have had their personal information stolen, which can translate into lifelong negative effects if their data is used.

The white paper is based on the Clearinghouse’s 25-year record of maintaining the confidentiality and privacy of student records and frequent cybersecurity conversations with registrars, enrollment managers and other institution officials, EDUCAUSE and REN-ISAC’s cybersecurity work over many years, and current best practices expressed in two recent major reports.

To learn about other best practices to guard against cyber threats, especially from third-party vendors, review “Cybersecurity: Why It Matters to Registrars, Enrollment Managers and Higher Education” today for guidance from the Clearinghouse, EDUCAUSE and REN-ISAC.

If administrators are using third-party vendors, where is student data stored and how is it being secured? If registrars and enrollment managers do not know, it’s time to find out.

partially reposted from: National Student Clearinghouse Blog, Oct 1, 2018

Do You Have a Personal Backup Plan?

Most of us would like to say that we are extremely diligent about protecting our data and backing it up on a regular basis. However, we know that this is not always the case. 

Fortunately, backups are easier than ever before thanks to a plethora of options available to most end users. It is critical to create a backup plan for important files and make sure those backups are stored in a separate location (physically or in the cloud) so you can avoid losing valuable information if your computer is lost, stolen, compromised, or simply fails to turn on one day. 

When it comes to backups, just like security, you want to find a balance of being thorough but efficient. We have all heard disastrous stories of losing homework due to the blue screen of death or a misplaced cell phone that tragically stored the only copy of family photos. In addition, you could fall victim to ransomware or another malicious attack that leaves you with no choice but to reinstall your computer's operating system (OS). It never hurts to consider your backup strategy and come up with a plan that leaves you feeling safe and secure. Here are some tips to get you started.

• Data loss happens all the time, but it is entirely preventable. You just need to create a backup plan.
• Your critical data should never reside in a single place.
• The ideal backup strategy will typically include both an online backup service (Google Drive) to ensure your data is secure no matter what happens to your mobile device or computer.
• Running consistent, automatic backups is a straightforward process that will take little time to set up and will require even less to maintain.
• Backups can be configured to run in real time when files on your computer are changed.
• Routinely test your backup solution to ensure you can recover your data in the event that you do actually need to restore from a backup.

Manhattan College IT Services provides unlimited cloud storage with your JasperNet credentials to faculty, staff and students so you can back up your files. If you upload your files to Google Drive you can access them from anywhere. IT Services recommends Google Drive File Stream for storage and back up of files.

Source: STOP. THINK. CONNECT. 

Partially reposted from September 2018: Do You Have a Personal Backup Plan?

Spring Cleaning—Be Green, Not Blue

As you upgrade your personal devices to the newest options, do you recycle the old equipment? Being green shouldn't make you blue. Take steps now to remove anxiety later that forgotten sensitive files on your last laptop could become a source of embarrassment or identity theft. Trying to securely delete data at the time you decommission equipment can turn into a multihour chore and a source of stress, but it doesn't need to be that way.

Make sure saved copies of your tax filings, personal photos, and other sensitive files can't be retrieved by the next person with access to your computer's drive by making the drive unreadable to anyone else. Dragging files to the trash or recycle bin doesn't remove data—it just removes the retrieval path to the file and marks that storage space available for other data to occupy sometime in the future. Your pirate treasure is still buried, but the map is missing. "Secure file deletion" functions go a step further to overwrite the data in those locations with random bits immediately.

The introduction and growth of solid state drives in consumer electronics, however, makes overwriting the data in these spaces less dependable than in the standard hard drives of the past. Today's "delete/overwrite" protection comes most reliably from full disk encryption (aka whole disk encryption), which encrypts all data on the machine—including the operating system and temporary files you weren't even aware you created. Follow the motto of a famous infomercial to "set it [full disk encryption] and forget it [the password/key]!" Even if someone removes the drive and puts it into a different machine, the encryption remains in place.

• Plan A: Encrypt the full disk now using built-in functionality. Create a strong passphrase or password, since this becomes the decryption key! Everything will be encrypted, including the operating system, so you will have to "unlock" the encrypted drive with your personal passphrase every time you start or boot up your computer. Save the generated recovery key somewhere secure (like a password manager or printout stored in a secure office), in case you forget your password and need to access the data on that machine. Here are instructions for some of the most common built-in encryption functions: 
• FileVault2 (Mac OS) 
• BitLocker (Windows 10 and Windows 8 Professional)
• BitLocker (Windows 7 Ultimate)
• Plan B: If full disk encryption wasn't a built-in option, find a free or fee version of full disk encryption software that works with your operating system and personal capability. Check your favorite review sites or try Slant for recommendations.
• Failsafe: Remove and destroy the drive (Geek Squad offers a three-minute tutorial on hard drive disposal). Most retail stores that accept computer donations for safe recycling will remove the drive and give it to you for secure destruction—just ask them to do that. Hold onto the drive until there's a secure shredding event at work or in your community.

partially reposted from:  https://er.educause.edu/blogs/2017/9/april-2018-spring-cleaning-be-green-not-blue

How to Protect Your Data and Devices While Traveling with Tech

Due to enhanced security measures in most countries, travelers with tech should be prepared for possible disruptions or additional wait times during the screening process. Here are some steps you can take to help secure your devices and your privacy.

Good to know:

• While traveling within the United States, TSA agents at the gate are not allowed to confiscate your digital devices or demand your passwords.
• Different rules apply to U.S. border patrol agents and agents in other countries. Federal border patrol agents have broad authority to search everyone entering the U.S. This includes looking through any electronic devices you have with you while you are traveling. They can seize your devices and make a copy for experts to examine offsite. Learn more from the Electronic Frontier Foundation about digital privacy at the U.S. border.

Protect your tech and data when traveling:

• Travel only with the data that you need; look at reducing the amount of digital information that you take with you. This may mean leaving some of your devices at home, using temporary devices, removing personal data from your devices, or shifting your data to a secure cloud service. Authorities or criminals can't search what you don't have.
• Most travelers will likely decide that inconvenience overrides risk and travel with electronic devices anyway. If this is the case, travelers should focus on protecting the information that they take with them. One of the best ways to do this is to use encryption. Make sure to fully encrypt your device and make a full backup of the data that you leave at home.
• Before you arrive at the border, travelers should power off their devices. This is when the encryption services are at their strongest and will help resist a variety of high-tech attacks that may attempt to break your encryption. Travelers should not rely solely on biometric locks, which can be less secure than passwords.
• Make sure to log out of browsers and apps that give you access to online content, and remove any saved login credentials (turn off cookies and autofill). This will prevent anyone from using your devices (without your knowledge) to access your private online information. You could also temporarily uninstall mobile apps and clear browser history so that it is not immediately apparent which online services you use.

Get your device travel ready:

• Change your passwords or passphrases before you go. Consider using a password manager if you don't use one already.
• Set up multifactor authentication for your accounts whenever possible for an additional layer of security.
• Delete apps you no longer use.
• Update any software, including antivirus protection, to make sure you are running the most secure version available.
• Turn off Wi-Fi and Bluetooth to avoid automatic connections.
• Turn on "Find My [Device Name]" tracking and/or remote wiping options in case it is lost or stolen.
• Charge your devices before you go.
• Stay informed of TSA regulations and be sure to check with the State Department's website for any travel alerts or warnings concerning the specific countries you plan to visit, including any tech restrictions.
• Clear your devices of any content that may be considered illegal or questionable in other countries, and verify whether the location you are traveling to has restrictions on encrypted digital content.
• Don't overlook low-tech solutions:
  • Tape over the camera of your laptop or mobile device for privacy.
  • Use a privacy screen on your laptop to avoid people "shoulder surfing" for personal information.
  • Physically lock your devices and keep them on you whenever possible, or use a hotel safe.
  • Label all devices in case they get left behind!

These guidelines are not foolproof, but security experts say every additional measure taken can help reduce the chances of cybertheft.

Partially reposted from https://er.educause.edu/blogs/2017/9/march-2018-how-to-protect-your-data-and-devices-while-traveling-with-tech

Mobile Devices Won't Secure Themselves!

Mobile security at one time meant using a laptop lock and keeping tabs on your phone. However, the growing capabilities and use of mobile devices — coupled with the ubiquity of smart devices stitched into the very fabric of our daily lives (figuratively and literally) — now require a more sophisticated defense-in-depth approach to match the growing threat. Following are a few things you can do to protect your devices and personal information on campus, at home, or at work.

• Secure your devices with a strong password, pattern, or biometric authentication. Check the settings for each device to enable a screen-lock option. For home routers, reset the default password with a strong one.
• Install anti-malware. Some software includes features that let you do automatic backups and track your device.
• Check your Bluetooth and GPS access. Disable these settings on all devices when not needed and avoid using them in public areas.
• Update your devices often. Install operating system and application updates when they become available.
• Review phone apps regularly. Remove any apps you don’t use. Be selective when buying or installing new apps. Install only those from trusted sources and avoid any that ask for unnecessary access to your personal information.
• Treat devices like cash! Don’t let your devices out of your sight or grasp. Maintain physical control of your device in public areas. Get a lock (alarmed is best) for your laptop and use it.
• Keep it sunny in the cloud. Whether using Google Drive, Dropbox, OneDrive, iCloud, Amazon Drive, or any of the many cloud options, set privacy restrictions on your files to share them only with those you intend. Protect access to your cloud drive with two-factor authentication.
• Create a secure wireless network. Configure your wireless router to protect your bandwidth, identifiable information, and personal computer. Secure it with proper set up and placement, router configuration, and a unique password, using the strongest encryption option. See http://www.wi-fi.org/ for more tips.
• Protect your Internet of Things (IoT) devices. Are you sharing your livestreaming nanny cam with the world? Review privacy settings for all Internet-ready devices before connecting them to the web.

Partially reposted from:  https://er.educause.edu/blogs/2016/11/december-2017-your-mobile-devices-wont-secure-themselves