If you plan to purchase a new mobile device for yourself or someone on your holiday list, be sure to protect the device as well as its data. Here are a few easy security steps to implement:
- Set up two-factor authentication (2FA) services.
- If your new device is a replacement for one you have been using as your second factor for Duo Security and Google 2-Step Verification, be sure to enroll the new device in these services. Install the Duo app and use its push or passcode feature. OIT no longer recommends using text messaging to receive passcodes.
- Be sure to protect your personal accounts with 2FA services.
- Lock your device.
Secure your new device with a passphrase, pattern or biometric authentication. Should you lose your device, this security measure protects your personal information from the average criminal.
- Physically secure your device.
Don’t leave any of your devices unattended. Theft of mobile devices is one of the most common ways that data is stolen. The NC State Help Desk regularly receives reports of device theft from vehicles.
- Secure all future data.
Enable lost-device functionality. Configure the device settings to automatically wipe all data after a particular number of incorrect logins are attempted (for example, 10); also, enable the option to wipe the device remotely.
- Provide ongoing physical protection.
Use only trusted chargers and cables. Do not use public charging stations. A malicious charger or computer can load malware onto mobile devices via the charging station. Such malware can circumvent your device protections and even take control of them. A device infected with malware can propagate infections to other devices.
- Power down often.
Power the device off and then power it back on frequently, at least once a week. Doing so can help prevent malware installation and zero-click exploits.
- Avoid phishing attempts.
Never click a link or open an attachment from someone you don’t know, and make sure every sender’s email address is exactly as it should be. For example, if you have a friend with the email address of email@example.com, don’t trust an email from Joe Sample with an email address firstname.lastname@example.org where the number one (1) replaces the letter “l”.
- Don’t use text messaging for sensitive content.
When a website prompts you to receive a passcode, never opt for a passcode via text messaging.
- Connect your new device to eduroam.
The eduroam service is NC State’s only secure wireless service that encrypts your data in transmission. As an added benefit, enrolling in eduroam at NC State allows you to connect to secure Wi-Fi automatically at participating educational and research institutions worldwide.
- Apply security updates.
Manufacturers and application developers update their software to fix bugs and vulnerabilities. Apply these security updates as soon as possible to ensure you’re fixing identified weaknesses.
- Be careful when downloading apps.
- Make sure you trust the app providers and download apps only from trusted sources such as the Google Play Store or Apple App Store, as they are more proactive about removing malicious apps.
- Limit the amount of personally identifiable information you share with each app. Also, allow each app to access your location only while actively using the app.
- Beware of free public Wi-Fi.
Always assume cybercriminals are nearby and ready to attack wherever public Wi-Fi is available; avoid performing any sensitive activity like a bank transaction on public Wi-Fi. If you need to access your Unity account, disable any unsecured Wi-Fi and switch to your mobile network. If this is not a suitable option and you must use public Wi-Fi, use it only over the NC State Virtual Private Network.
- Disable unwanted and unnecessary services.
Capabilities such as Bluetooth, Near Field Communication, unsecured Wi-Fi, and GPS provide convenience, but they can make it easier for a nearby, unauthorized user to access your data. Turn these features off when you are done using them.
- Check for Chrome and other browser updates every time you open a browser.
Make it a habit to update your Chrome browser as soon as updates become available. The sooner you update your browser, the better the protection for your device and its data.
For additional resources to help you protect your device, see: