Cell phones get lost, stolen, or compromised every day. Imagine the following scenario: an executive loses his or her personal digital assistant (PDA or Smart Phone) while traveling. The PDA contains email, including sensitive information that could put the University at risk or cause it to be seen in an unfavorable light. Hours later the information has been posted on the Internet and lawsuits are pending.
Today’s advanced cell phone technology is putting data at risk. Mobile devices are easily lost or stolen. They are accessible via a number of methods, including the cellular network, Bluetooth, and Wi-Fi, so there is a threat of remote control. They have limited battery life and constrained processor power, which makes it difficult to add additional protection. That said, there are things you can do to protect the data on your Smart Phone or PDA.
How can you protect the data on your Smart Phone or PDA?
Physical Security Tips –
- Properly store your device when traveling
- Don’t make it easy for someone to walk away with your device
- Keep removable storage separate from the PDA when traveling
Configuration Settings –
- Make sure your contact information is displayed on the device (in the owner fields) or place your business card in your case (make it easy for an honest person to do the right thing)
- Use a password (device lock feature) or
- Activate the SIM PIN (you must enter the PIN supplied with your device each time the device is turned on or the SIM is inserted into another device)
- Turn off the Bluetooth feature when not in use (this also saves battery life)
Best Practices –
- Regularly delete old email, SMS messages, and other old data from your device
- Only store the files you actually need
- Avoid storing sensitive data if at all possible
- Wipe all data when getting rid of your device (see the note below on wiping your cell phone’s data)
- Purchase additional software to protect your data (see PDA & Smartphone Security Software below)
Wiping your cell phone or PDA’s Memory
People store PINs, passwords, and other sensitive information on their cell phones and PDAs, and are likely to trade the devices in frequently for newer models. Wiping all information off of a cell phone or portable device can be difficult. Both of these issues put data at risk.
To get rid of everything on your device you may need to use multiple reset commands. Email, text messages, phone numbers, call timers, and call logs may each have their own setting, and those settings may not be easy to find in the complex menus.
ReCellular, a cell phone recycling service, has some good information at The Cell Phone Data Eraser Page, which lets you choose your device's brand and model and gives you the commands you need to delete all data.
PDA & Smartphone Security Software
A number of security companies provide software for mobile devices (see list below). These tools are scaled down, designed with limited functionality so they don’t drain the battery. Industry experts expect that the next generation of solutions for securing mobile devices will be hardware-based, built into the device. Phones with hardware security aren’t yet available to consumers but are expected within the next year or so.
BlackBerry PDAs have an option for content protection, which, when enabled, encrypts user data on the device (the smartphone’s password is required to decrypt the data).
OTIS will be testing a version of SafeBoot for portable devices in the next few weeks (more information may be forthcoming).
Other Security Software available today:
What should you do if you lose your device?
If you are using a BlackBerry or Treo device that connects to System Administration’s BES or Good server, contact OTIS immediately. If the server can locate the device (it must be powered on and on the wireless network), the device can be wiped and/or locked.
If your device contained sensitive information, please report the loss to the Information Security Officer at extension 4590.
If you have questions, comments or suggestions for OTIS about this or other articles, please email questions@utsystem.edu.