Mobile devices, such as laptops, smartphones, tablets, portable hard drives and USB keys can hold huge amounts of sensitive or personal information. They are portable and as such, very convenient to use, however these features also make them a security risk that requires appropriate mitigation.
The Acceptable Use of I&IT Resources policy states that only government-issued devices, including laptops, smart phones and USB keys can be used for government business. Government-issued devices have built-in security features, such as encryption, password protection, and the ability to be wiped remotely if lost or stolen, which helps protect them.
Protect Devices from Loss or Theft
- Don’t store or transport high sensitivity information on mobile devices. If you must store or transport high sensitivity information, your Director must explicitly approve of this practice, and secure, government-issued devices must be used.
- Keep mobile devices containing sensitive information locked up. Do not leave them unattended or in a vehicle. This is the easiest way for devices to be lost or stolen.
Prevent Unauthorized Access to Devices
- Use automatic locks to ensure devices are password protected and choose strong passwords.
- Public wireless networks may not be secure, which means others may be able to capture the data you are sending. Avoid using public Wi-Fi for sensitive transactions.
Protect Devices from Harmful Programs, Apps and Websites
- Connect your devices to the GBC network regularly to ensure patches and updates are installed.
- Avoid charging your phone on computers or devices that you do not control, such as hotel docking stations. Malicious software could be stored on devices that could be transferred when your device is connected.
- Never connect an unknown storage device to your tablet or laptop. Any device that connects to a USB port may be considered a storage device (MP3 player, smartphone, USB key, external hard drive, etc.) and may contain malicious software.