Keep Your Devices Secure

Learning Objectives

After completing this unit, you’ll be able to:

Describe methods for safeguarding your software.
Explain the importance of locking your devices.
Summarize key principles for backing up your devices.
Describe methods for limiting your attack surface.
Explain how to protect against juice jacking.

Safeguard Your Software

When it comes to digital security, software can be good, bad, and ugly. Follow these guidelines to keep the good stuff in and the bad stuff out.

Get an antivirus solution. This software helps combat the ever-evolving threat of malware. It uses a combination of tactics to help protect your PC and MacOS machines, as well as your smart devices and networks.
Download software selectively. One of the best ways to ensure you choose legitimate software is by following recommendations from trusted sources. Also, avoid downloading software from unsolicited links and keep in mind that free doesn’t typically mean safe.
Don’t forget patching. When your software is outdated, there can be vulnerabilities in the code that leave you at risk. Software patches are updates that guard against these security threats. Periodically, software programs prompt you to install patches. Never pass on a patch.

A security guard standing outside of a door marked “My Documents” saying “Stop!”

Hackers typically gain access to your devices through the internet. But they can also do it the old-fashioned way—snagging info by gaining physical access to your devices.

Lock Before You Walk

Unfortunately, more security often means less convenience. Even though locking down physical access to your devices can be inconvenient at times, it’s an effective step in protecting unauthorized access to your information.

This is where “lock before you walk” comes in. Always lock your computer and smartphone before leaving them unattended. Or consider updating settings so your device locks automatically after a few minutes (or seconds) of inactivity. And make sure to always power down your device prior to storing it.

Also remember that criminals can check out your screen even if you haven’t walked away from your device. If shoulder surfers have a full view of your screen, they can even take photos of your display. Privacy screens prevent your display from being viewed from any angle other than straight on.

Unfortunately, taking precautionary steps such as those described in this training cannot 100 percent guarantee that your data won’t be compromised (even after putting all of this amazing wisdom into practice). However, taking the next step can help prevent you from losing your data to a hacker.

Back It Up

Hackers who use malware aren’t limited to stealing your data. In some cases, they erase or encrypt it. For example, ransomware is a type of malware that encrypts your data, making it useless. You might have to pay a ransom to get the hacker to decrypt your data, with no guarantee that they will do so.

Instead of paying costly ransoms or losing information altogether, you can restore your data with a recently performed backup. Backing up your information is an often overlooked step in personal digital security, but it’s easy if you follow the 3-2-1 rule often used by IT pros.

3: Keep at least three copies of your data.
2: Keep those copies on two different types of media (for example, local and external hard drives).
1: Keep one copy in an offsite location (for example, cloud storage).

Three documents labeled 1, 2, and 3

Limit Your Attack Surface

In the Cybersecurity Threats and Threat Actors module we learned about the attack surface, which is made up of the devices, applications, and files that attackers would like to exploit as entry points into compromising your confidential data. With enticing data from mobile app activities, such as banking, social networking, emails, maintaining calendars and contacts, mobile ecommerce, as well as GPS information, a multitude of vulnerabilities exist. Cybercriminal activity targeting mobile devices can have dire consequences, including stealing critical data, tracking users, and denying access to their devices. Your mobile device can also be used as a launching pad for more lucrative attacks aimed at enterprise systems, social networks, and cloud platforms.

One of the key ways to protect yourself from attack is to limit the attack surface available to malicious actors. Here are a few tips for how to do so.

Delete all information stored in a device prior to discarding it.
Disable features not currently in use, such as Bluetooth, infrared, or Wi-Fi.
Set Bluetooth-enabled devices to non-discoverable.
Turn off automatic connections when not in use.
Log out of accounts when done, especially on shared or public computers.
Review app permissions and revoke any that aren't necessary for the app to function.

Protect Against Juice Jacking

Juice jacking is when an attacker compromises a public charging station that installs malware when a portable device is plugged in. For this reason, use caution when using USB charging ports available in public areas like an airport, train station, or hotel conference room. When you plug your phone into a new device it may ask, “Trust this computer?” If you’re using a device just for charging, always choose “don’t trust.” And if you see this message when using public charging stations that are supposed to be for power only, it’s a big red flag. These ports shouldn’t be asking to access your data, so unplug your phone and let anyone else around know something isn’t right. Other good ways to prevent juice jacking are to bring your own charger or portable power bank or get a power-only USB cable, making it impossible to transmit data across it.

By now, you know the basics on digital security, how to create strong passwords, and how to keep your devices secure. Finally, let’s explore how to stay safe across the wild world wide web.