January 28 is Data Privacy Day. Throughout the months of January and February, the EDUCAUSE Cybersecurity Initiative will highlight higher education privacy issues. To learn more, visit StaySafeOnline.
Gone are the days when we were tied to large desktops to access data. Mobility provides great flexibility in how we work, communicate, and share information, whether we are on campus, at home, at a local coffee shop, or in another country thousands of miles away. But increased mobility also presents greater privacy and security challenges that user communities need to be aware of when using or accessing data remotely.
Here are five tips to share with your user communities during Data Privacy Month on how to protect their data when mobile.
Tip #1: Avoid Keeping Unnecessary Data
The best way to protect data is not to have it. While data is prevalent in our everyday lives and work, many people retain sensitive data longer than necessary on their laptops, mobile devices, or USB drives. Keeping unnecessary data creates risks in terms of data exposure, both to the individuals whose data you have retained and to your institution.
You should periodically assess whether data stored on your mobile devices is necessary for you to perform your job duties, conduct research, pursue educational interests, or for other reasons. If you no longer need the data, you should consider securely deleting it. There are many tools, depending in part on your operating system, to securely delete electronic files.
Likewise, when disposing of a mobile device or other computer equipment, make sure to securely remove any sensitive data and securely dispose of the device.
Note, however, that you should not delete information that falls within your college or university’s records-retention requirements, nor should you destroy any information if there is an actual or likely claim, lawsuit, government investigation, subpoena, summons, or other ongoing matter involving such data. When in doubt, retain the information, keep it secure, and seek appropriate guidance from the appropriate administrator at your institution.
Tip #2: Secure Your Mobile Devices
Work computers are typically managed by an organization’s IT department. One of the benefits of this configuration is that it enables the IT department to install the latest or most critical software updates when they are released. The timely installation of updates is vital to protecting the privacy and security of both your personal data and that of your college or university.
Unfortunately, many home computers, laptops, and other personal mobile devices are not nearly as well maintained. Far too often, people’s home computers are weeks, months, or even years behind in vital updates. This leaves them vulnerable to hackers, spyware, and other forms of malicious attacks. Security updates or patches in particular need to be installed soon after vulnerabilities are announced. Cyber attackers look to exploit publicly announced security holes because they know that people generally are slow to install updates.
A great way to ensure that your laptop and other mobile devices stay updated and secure is to turn on the automatic update feature in operating systems and applications. You will be relieved of the burden of having to remember to manually install updates, and critical updates will be installed in a timely manner. The benefits of keeping your computer secure by automatically installing updates far outweigh any concerns. Each operating system and application has a method of turning on automatic updates. Check the Help, About, or Information menu for each operating system and application for additional instructions.
You should also be especially careful about data you store on portable devices such as laptops, USB drives, and smartphones, which are easily lost or stolen. Requiring a passcode to unlock these devices is an important first step, but you should also consider extra protections such as encryption or remote file deletion.
You may also want to protect your data by working on a dedicated computer that no one else uses, or create a separate user account and data storage area on your device’s hard drive that will be reserved for work-related data.
Tip #3: Don’t Access Private Information Using Public Wi-Fi Networks or Computers
While traveling, don’t use unsecured wireless hot spots at hotels, airports, coffee shops, or other public areas. On these networks, malicious users can potentially access e-mail and web data as it is delivered to your computer (depending on your applications settings).
Your password can also be exposed in a variety of ways when traveling, from keystroke loggers on public computers and kiosks, such as those found in hotels and airports, to the unintentional introduction of malicious software on your personal device upon establishing an untrustworthy network connection.
Tip #4: Take Advantage of Your Mobile Device’s “Lost and Found” Capabilities
It’s easy to lose your mobile device. Fortunately, there are features built into the most recent versions of several mobile operating systems that can help you locate your missing device.
Before your device goes missing, it’s important to make sure you have associated the device with an account that can aid with subsequent retrieval (this occurs on first login with Android and Windows Phone devices, or after activating iCloud with iOS devices).
Later, if you believe you have simply misplaced your mobile device, you can go online, log in to the account service associated with your device, and prompt your device to emit an audible signal to assist you in locating it. As long as your device is turned on and connected to the Internet, it will emit a sound, even when its audio settings have been muted or its screen is asleep. If your missing device is signaling its location, you may also be able to view the approximate location of your device on a street map.
If these features lead you to believe someone else has your mobile device, you should never attempt to retrieve it from an unknown party. Instead, immediately contact the police to request assistance in retrieving your missing device and the information it contains.
To learn more about options to remotely locate, lock, or erase your device on Android, iOS, or Windows Phone devices, look up Android Device Manager, Find My iPhone, or Find My Phone, respectively.
Tip #5: Enroll in Two-Factor Authentication Programs When Possible
Last, but certainly not least, consider enrolling in two-factor authentication (if available) when accessing certain applications or websites. Two-factor authentication protects you by requiring both a password and a code generated on your mobile phone when someone (hopefully you) seeks to log in to an account or service. It is typically easy to set up, has little impact on your day-to-day experience, and is a powerful antidote to stolen passwords by notifying you when access is being sought to a protected account or application.
Increased mobility does not have to come at the expense of security and privacy protections. Taking these simple steps will help you protect your privacy while on the go.
Scott D. Schafer is the university privacy officer at the University of Pennsylvania.
© 2017 University of Pennsylvania. This EDUCAUSE Review blog is licensed under the Creative Commons BY-NC-SA 4.0 International license.