For our first monthly cyber theme, we have focused on an issue that will relate to anyone who may have received a new smartphone or tablet for Christmas – what do you do with your old one? It’s an important consideration for businesses too, as they look to upgrade or replace their existing assets. Whether you sell it, give it away or recycle it, have you ever stopped to think about how much personal data your devices hold and how valuable they could be to a cyber criminal?
All technology has a shelf life. Over time, you may find that your device becomes slower as you run out of storage space or that you can’t download the latest app. You may even find that the vendor no longer supports your device.
So, what should you do with it and how can you make sure that you are not handing over all of your personal data to the wrong people?
First of all, if you are replacing your existing device, make sure that all information is thoroughly wiped. To do this, reset it to factory default settings so that anyone who uses the device in the future cannot recover anything you previously stored on it. We have recently published guidance on how to do this for devices using both Apple and Android operating systems, which you can find here: MOBILE PHONE A5 LEAFLET web.pdf. The National Cyber Security Centre (NCSC) also has some useful information here.
If you are planning on destroying the device, consider using a company specialising in data destruction who follow recognised industry standards, such as those published by the Asset Disposal and Information Security Alliance (ADISA). These companies break each device into 6mm fragments – a jigsaw puzzle that even the most hardened cyber criminal would be reluctant to attempt!
But what about our new devices? What can we do to reduce our vulnerability to cyber crime? Start with a secure platform and it will be much easier to maintain. The following are some useful considerations to think about.
Upon initial purchase, make sure that the seller you are buying your new device from is reputable. If you are buying a used device, ask them what steps they have taken to remove any information previously stored on it.
If you run a business, create an On-Boarding Policy (with detailed procedures if required) to ensure consistent configuration of new devices that meet your security requirements. Never assign a new device to a user or connect it to your network until your security process is complete. Similarly, prevent tampering of equipment by restricting the number of people allowed to configure the initial set-up of the device- for example, a nominated administrator within your organisation who has additional rights of access to your system.
Protect all devices from plain sight by setting up a password, PIN, fingerprint or face recognition to lock the screen from view. If it falls into the wrong hands, your information will remain safe.
Install and activate anti-virus and firewall software on your new device- including apple products (if good security is not maintained, Apple products have the potential to be as vulnerable as any other operating system). There are plenty to choose from, just select one that will integrate best for your organisation. For mobile devices, there are several free Apps you can download which will provide basic protection – but make sure these are from official online App stores. Anti-virus will identify and remove malware from the device and (depending on the subscription) monitor web connections, scan individual files (such as email attachments), scan removeable media and more; a firewall will monitor every connection going to and from your device, blocking any that is unauthorised.
Manufacturers will regularly release updates for the software you install, which may address a security flaw that has been uncovered. Whatever the reason, you should always update the software when prompted. Even better, set your device to update automatically.
Remember securing your assets should not be a onetime thing, regular maintenance is needed. Follow our guidance to help you stay on the right path to a successful security strategy.
By Hannah Khoo (Business Engagement Officer)