Secure Mobile Data Against Loss, Theft and Unauthorized Access

Laptops, smartphones, and removable storage drives enable us to get information on the go.  We no longer have to be tethered to our desks to check our email, surf the web, or access files and information.  Advances in wireless communication have made communication mobile, but also made it easier for the unscrupulous to access our personal information.  Unless you secure your mobile data against loss, theft and unauthorized access, you are vulnerable.

How can you protect your mobile data?

  • Encrypt off-campus Wi-Fi transmissions using the Auburn VPN when possible.
  • Secure your USB Drive
    - Don't leave them behind in public labs
    - TrueCrypt - third-party encryption method for removable storage
    - Wikipedia article on securing your USB drive
  • Use BitLocker To Go - this feature of Windows 7 gives the lockdown treatment to easily-misplaced portable storage devices like USB flash drives and external hard drives. This allows you to protect information stored on removable media with the same level of protection as the operating system volume.
  • Secure your laptop - don't make it easy for the bad guys: use a carrying case that does NOT look like a laptop bag and don't leave your laptop unattended. In the AU Library you can check out a lock for your laptop so you don't have to take it with you to the stacks. Taking things one step further, password protect your laptop and consider installing tracking software.
  • Secure your handheld device - your smartphone and tablet can be protected by simply setting a password on the device.

What to do if you lose your phone

Log in to TigerMail online and go to Options > See All Options > Phone and select your device. Choose Wipe Device. Wait ten minutes, then contact your wireless provider to disable the phone.

If you were using your phone to check any email account via IMAP, change your password for that account. This will not remove the existing email from the phone, but it will prevent future nefarious usage of the account(s).

If you are an employee on the BlackBerry Enterprise Server (BES), follow these steps:

  1. Immediately contact OIT by calling the HelpDesk at (334) 844-4944 or sending an email directly to besadmin@auburn.edu (Exchange BlackBerry users). We can wipe out the data on your phone remotely. It can be restored later, but whoever finds your missing phone won't be able to read all of your email and other sensitive data in the meantime.
  2. Once OIT has verified the hard reset of your phone's data, call your service provider and disable the phone number so unauthorized calls cannot be made.

Don't reverse these steps. Once the phone is disabled, OIT won't be able to access it to perform step #1.

Wireless Safety in Public Hot Spots

People in Auburn have embraced the use of wireless networks. Unfortunately, online predators know this too. Using unsecured wireless networks can leave your computer, phone and handheld devices vulnerable to attack. Here are some tips when using a wireless network:

  • Only use legitimate hotspots (wireless access points) - make sure you know who owns the connection you are trying to access.
  • Use a VPN client - Download a free VPN client at AU Install.
  • Enable your personal firewall - Microsoft Windows users have a personal firewall installed.
  • Turn off your Android/iPhone's built-in Wi-Fi when you aren't using it or you may be auto-connecting to nearby wireless access points - plus it saves your battery!
  • Don't forget to secure your wireless network at home by enabling a password for the wireless router. If you are in an area with many Wi-Fi hot spots or lots of residents near your Wi-Fi, consider not broadcasting your SSID.

 

 

Once Your Personal Info Is Online, It's There

  • Be careful what you share. Online communities such as Facebook and Twitter ask you for a username, email address, and password when you sign up. You may also be asked for more personal information, such as your birth date, occupation, home and work addresses, phone numbers, gender, marital status, and so on.

    Web sites want personal information because it helps them build community and enables them to provide advertisers with demographic information about their members, but whether to share those details is your decision. 

    Bottom Line: the more personal information you reveal online, the more vulnerable you are to scams, spam, and identity theft.

  • Be a minimalist. When signing up for free accounts like email, blogs, instant messaging, music or photo sharing, give only the required pieces of information.

  • Look before you post. Before you sign up with a social networking community, read the privacy policy. It may be really boring reading, but you need to find out how the site will use the personal info you supply when you sign up.

  • Don't go public. Many sites enable you to control who can see and comment on your blog. You don't let just anyone into your house; lock your profile too!

  • Think long-term. Once something is online, you can never delete it. Anything published on the Web could have been viewed, emailed, printed or saved by almost anyone.  

  • Stay alert. As you get to know more people online, you may begin to share information casually. Scammers count on that false security to gather personal information that can help them commit fraud or steal your identity. Continue to use common sense as you make online friends. Listen to your instincts about people.

Don't Be a Victim

  • Don't accept friend requests from strangers. Does this really need to be said? Probably. Ever since you were able to talk, adults have told you, "Don't talk to strangers." The same thing applies online.

    Let's face it. Do you really think that super hot girl is having trouble meeting people? Chances are it's some scumbag trying to get your personal information to commit identity theft.

  • Shop safely online.  Make sure the site is secure (the address starts with https not http).  Never give out bank account numbers, social security numbers, or any other personal information that is not absolutely needed.  Do not use a shared or public computer for online shopping.

  • Never rush to meet someone you have met online.  Even if you've met them on a reputable site and they seem trustworthy, be suspicious if they're pushy about wanting to meet you in person.  Make sure to talk on the phone before meeting, meet in a public place, and bring a friend.

 

 

Beware of Phishing Scams

Phishing email messages, websites, and phone calls are designed to steal money or information. Cybercriminals can do this by installing malicious software on your computer or stealing personal information off of your computer. Cybercriminals also use social engineering to convince you to install malicious software or hand over your personal information under false pretenses. They might email you, call you on the phone, or convince you to download something off of a website.

Example of phishing email & Warning Signs

Here is an example of what a phishing scam in an email message might look like.

[Image: Example of a phishing email message]

  • Spelling errors and bad grammar. Cybercriminals are not known for their grammar and spelling. Professional companies or organizations usually have a staff of copy editors that will not allow a mass email like this to go out to its users. If you notice mistakes in an email, it might be a scam. For more information, see Email and web scams: How to help protect yourself.

  • Beware of links in email. If you see a link in a suspicious email message, don't click on it. Rest your mouse (but don't click) on the link to see if the address matches the link that was typed in the message. In the example below the link reveals the real web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company's web address.

    [Image: Phishing scams masked web address]

    Links might also lead you to .exe files. These kinds of files are known to spread malicious software.

  • Threats. Have you ever received a threat that your email account would be closed if you didn't respond to an email message? The email message shown above is an example of the same trick. Cybercriminals often use threats that your security has been compromised. For more information, see Watch out for fake alerts.

  • Spoofing popular websites or companies. Scam artists use graphics in email that appear to be connected to legitimate websites but actually take you to phony scam sites or legitimate-looking pop-up windows.
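The hover check and the .exe warning from the list above can also be applied automatically to an HTML message body. The following is an added example, not part of the original page: the sample message is constructed, and the names LinkCollector, link_warnings and scan are hypothetical.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body for illustration (hosts are reserved example names).
SAMPLE_HTML = """
<p>Verify now: <a href="http://192.0.2.45/login/verify.php">https://www.example-bank.com/verify</a></p>
<p><a href="https://www.example-bank.com/help">https://www.example-bank.com/help</a></p>
<p><a href="http://downloads.example.net/update.exe">Install the security update</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in a message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(url):
    # Lower-cased host; also accepts scheme-less text such as "www.example.com/x".
    return (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()

def link_warnings(href, text):
    warnings, host = [], _host(href)
    try:  # the "string of cryptic numbers": a raw IP address instead of a name
        ipaddress.ip_address(host)
        warnings.append("numeric-address")
    except ValueError:
        pass
    # Visible text that is itself a web address but names a different host.
    if re.match(r"(?i)(https?://|www\.)\S+$", text) and _host(text) != host:
        warnings.append("text-host-mismatch")
    if urlsplit(href).path.lower().endswith(".exe"):
        warnings.append("exe-target")
    return warnings

def scan(html):
    parser = LinkCollector()
    parser.feed(html)
    return [(h, link_warnings(h, t)) for h, t in parser.links]
```

A link with no warnings is not proof that a message is legitimate; the checks only cover the signs described in the list above.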

Can you spot a phishing email? Take this short quiz to find out.

How to Avoid Them

To avoid phishing scams, never click the links provided within these types of email messages. If you feel the message may be legitimate, go directly to the company's website by typing it in your browser or contact the company by phone to see if you really do need to take the action described in the email message. Delete the email message from your Inbox, and then empty it from the deleted items folder to avoid accidentally accessing the fraudulent web sites it contains.

We would like to remind you of some simple steps to prevent becoming a victim of ‘phishing’ attempts. 

  • DO NOT reply to email with any personal information or passwords. If you have reason to believe that the request is real, call the institution or company directly.
  • DO NOT click a link in an email message. If you have reason to believe the request is real, type the web address for the company or institution directly into your web browser.
  • DO NOT use the same password for your AU account, bank, Facebook, etc. In the event you do fall victim to a phishing attempt, the thieves will try the compromised password in as many places as they can.
  • DO change ALL of your passwords if you suspect any account you have access to may be compromised, whether it is your AU account, Facebook, bank, etc.
  • DO be equally cautious when reading email on your phone. It may be easier to miss telltale signs of phishing attempts when reading the email on a smaller screen.  

Use a Phishing Filter

If you use Internet Explorer as an internet browser, you should enable the Phishing Filter. This feature enables a portion of the web browser to change colors to signify that the page you're on is a known phishing site.

Firefox has a similar feature. To turn on this feature go to: Tools > Options > Security. Check Block Reported Attack Sites and Block Web Forgeries.

If you do fall victim, tips for damage control are available on the Phishing Web Page.

Links and References

For avoidance tips, more info and examples, try these sites:

Reporting Phishing Attempts

You can report these phishing scam attempts to the company that's being spoofed.

 

 

Promotional Material

Please display these promotional items during National Cyber Security Awareness Month. All items are provided by the Office of Information Technology and are free of charge to use as print items. All promotional items must be used in the manner intended. Reproducing all or part of any promotional items for uses other than intended is prohibited. If you have any questions, please contact webmaster@auburn.edu.