University of Pittsburgh

October 10, 2013

Technology Corner: Not if, but when

CSSD

Maybe you’ve run into someone using the new iPhone’s fingerprint-reader security and now you wonder if your current strategy for keeping your smartphone safe — hiding it under a stack of file folders when you step out of the office — isn’t as up to date as it could be.

Not you? Good.

But we all need to review the security strategies we’re using for our smartphones and mobile devices.

In fact, we all need to be thinking about when our smartphones or tablets are stolen and/or breached — not if.

Layers

Pitt’s network — PittNet — is protected by such measures as firewalls and passwords, measures that can be centrally managed. But that’s just the first layer. Other layers of security can be added by individual user actions, such as installing Computrace Plus on laptops and setting desktop machines to “lock” automatically after a specified period of inactivity.

In today’s world, the most frequently used computers tend not to be the ones sitting on our office desks, but the ones we shove into pockets and slip into briefcases.

Smartphones and tablets hold access to private data: every piece of information in your contact list, every app with a saved password or credit card number, every document with critical agreements, etc.

Thieves and scam artists know that these devices are vulnerable. Just this summer, the United Nations’ International Telecommunication Union issued an alert regarding a newly discovered flaw in mobile devices’ basic security system. Over 500 million phones were affected.

As with your laptop or desktop computer, the key to strong security is taking advantage of a layered approach.

Protect yourself: Basic steps

Lock it. If you do nothing else, use the passcode feature on your smartphone or tablet and set up the phone to lock after X minutes of inactivity.

Yes, it’s one more step. It’s worth it.

Don’t use 1-1-1-1 and say you’ve locked it. We know that one; so does your average phone thief. Use a 4-digit number that isn’t obvious or use a longer passcode if your device supports it.

Don’t hack your phone. Your reasons for jailbreaking or rooting the phone — the increased access to modifications — are exactly why a jailbroken phone or tablet is no longer secure.

Trust, but verify. Install apps only from legitimate app stores, and check reviews before you install.

Just say no. Be conservative when it comes to app permissions. Use caution in permitting access to your personal information (location, contacts, etc.) or to functions like SMS/texting. Check the privacy settings for the app before and after you install it.

Update. Accept updates to operating systems and enable automatic updates; they include updated security features.

Still basic

SIM PIN. In addition to protecting your phone or tablet by locking it with a passcode, you should protect your SIM card with a PIN (personal identification number). While your locked smartphone cannot be used, its SIM card could be removed and placed in a different phone, exposing your information.

Back it up. Back up everything, regularly (your contacts, photos, documents), and store the backups on a secure computer. Don’t remember the last time you backed up? Do it now.

Turn off Bluetooth. An open Bluetooth connection leaves you vulnerable to nearby hackers’ efforts. Turn it off when you’re not actively using the connection. Bonus: Turning off Bluetooth saves your battery.

Activate your integrated “Find my phone” apps. Android, Windows and iPhones have integrated location detectors so that when your phone is missing (lost or stolen), you can find out where it is, activate a sound to help you find it or remotely erase its contents. Go to Settings and Location Services to activate your device’s remote location detector: It can’t help you if you haven’t turned it on.

Secure use

Think before you link. The wariness with which you approach websites on a large monitor applies to sites on your handheld device: Those links are just as dangerous.

Open WiFi = vulnerable smartphone. Limit use of public hotspots, and never use public hotspots when accessing personal or sensitive information. Your local coffee shop is not a good place to do online banking or place an order with your credit card.

When bad things happen to good smartphones

You’ve protected your phone or tablet with a passcode, and you’ve backed up everything regularly (see “Basic” and “Still basic” above), so when (remember: not “if”) your smartphone is lost or stolen, you don’t need to panic.

1. Use the remote location detector you’ve set up on your phone and track where it is. If you need to, use the remote lock or remote erase features. (Do not try to retrieve a stolen phone yourself: Call the police.)

Users who have synched their Pitt Exchange accounts to their mobile devices also can remotely erase the Exchange account data from their missing device. Open your account at exchange.pitt.edu, go to the Options link and select Mobile Devices.

2. When your phone is lost or stolen — or you think it might have been — report it. Wireless providers and the FCC maintain stolen phone databases, so report the theft to local law enforcement and to your wireless provider. With your permission, your wireless provider can “brick” your phone, ensuring that it’s unusable.

Five minutes can save your digital life

Because we all hope that bad things won’t happen to us, it’s human to ignore the simple steps we can take to protect ourselves. But optimism is no excuse. An unsecured smartphone or tablet leaves you unnecessarily vulnerable to serious breaches of privacy and of data and financial security.

Please take five minutes today to implement the security steps outlined here: Protect yourself by protecting your device.

Sean Sweeney is the University’s information security officer and the director of information security for CSSD.

Filed under: Also, Volume 46 Issue 4
