What are Portable Devices?
Users can access corporate and personal data on the go with portable devices including jump drives, personal audio players, and tablets. However, as their use grows, so do the risks that come with it. The characteristics that make these devices portable and allow them to connect to numerous networks and hosts on-the-fly also make them vulnerable to physical control loss and network security breaches. Data loss (when a physical device is lost), data exposure (when sensitive data is disclosed to the public or a third party without agreement), and greater exposure to network-based attacks to and from any system to which the device is linked are all risks associated with using portable devices (both directly and via networks over the internet).
Concerning Portable Devices Portable gadgets are available for both business and personal use, and new products are constantly being introduced. The focus of this study is on two types of portable devices:
• Basic media devices that must send data via a wired connection to a host. (for example, jump drives, media cards, CDs, DVDs, and music players that do not support Wi-Fi)
• Smart media devices with wired or non-cellular wireless data transmission capabilities (for example, tablets, gaming devices, music players with Wi-Fi capabilities, and readers). Email, surfing the web and downloading apps, music, and books are all common uses for these devices. Mobile phones and laptop computers are both portable devices.
What Are the Risks of Using Portable Devices?
The simple storage medium may appear harmless, yet it has the potential to bring a user or an organization several difficulties. According to TechAdvisory.org, 25 percent of malware (malicious applications) is being propagated via USB devices. These devices (such as a flash drive or music player) connect to your computer’s USB connection and may contain malware that you unwittingly copy or that is launched automatically by your computer’s Autorun or Autoplay feature. As attackers employ small circuit boards installed in keyboards and mouse devices to run malicious code when a certain key is pushed or a condition is fulfilled, attacks are becoming more sophisticated and difficult to detect.
Once the malware has infected your computer to steal or harm your data, it may spread to other computers in your home or office network. And bypassing malware across all PCs that the gadget connects to, attackers can easily spread malware via these devices. Because these storage devices can install malware inside any firewalls on the PC or network, users may not notice the infection until it has caused significant damage. Because storage devices are easy to hide and their use is difficult to detect, they can also allow criminal insiders to steal data conveniently and invisibly.
When users download software or games that contain malware or viruses, smart gadgets can infect your PC or network invisibly. Their widespread use, emphasis on usability, and lack of security features make them vulnerable to malware attacks. Furthermore, procedures routinely employed for storing sensitive data on smart devices have the potential for irreversible data disclosure or loss. Users routinely save personal bank account details or sensitive client information on their smart devices, which may be running untrustworthy apps or connected to untrustworthy and susceptible networks. Furthermore, the technologies that make smart devices so appealing—like Bluetooth and Wi-Fi—can also be the most dangerous.
When users turn on Bluetooth, the device becomes “discoverable” to both the headset and malicious attackers looking to take advantage of the connection. They also target residential and public Wi-Fi networks; public Wi-Fi hotspots are particularly vulnerable and a common target for attackers looking for data to steal. Attackers frequently loiter close, intercepting unencrypted data with tools like Kismet and Wire shark.
The tiny size and portability of both storage devices and smart gadgets provide another potential problem. Users can simply leave them in a café or a taxi and never see them or the information they contain again. The company’s reputation and well-being, as well as its own, could be jeopardized if they contain sensitive or private organizational data.
What You Can Do to Reduce Your Risks?
There are things you can do to lessen the risks connected with using portable devices, whether you are a home user or work in an organization. The following are some suggested best practices for individuals and organizations. Practices for Using Portable Storage Media When using storage media without Wi-Fi capabilities, such as jump drives, CDs, and audio players, follow these best practices:
• Run an anti-virus scan on any device that connects to your computer via a peripheral port (such as USB).
• Never connect a computer to a discovered jump drive or media device. Any unknown storage device should be given to the security or IT staff near where it was discovered. For all removable media devices, disable the Autorun and Autoplay functionalities. When users plug removable media into a USB port or insert it into a drive, these functions instantly open it.
• Separate your personal and professional information. Do not connect your audio player or your business jump drive to your home computer.
• Use strong encryption, such as AES 128/256 bit, to protect all sensitive data on jump drives, CDs, and DVDs.
• Install anti-virus and anti-spyware software on your computer (and any computers in the network). Enable automatic updates or make sure all of the PC’s software is up to date with the latest patches.
• Use secure erase software to destroy sensitive data from a USB device after you’ve finished transferring it.
Consider using jump drives with built-in anti-virus protection, which will automatically check the drive as well as each computer user connect it to. Although such a capability requires a lot of disc space and time to run, depending on your situation, it can be worth it.
Guidelines for Using Portable Smart Devices When utilizing smart gadgets like tablets, music players with Wi-Fi capabilities, and readers, follow these best practices:
- Protect the device with a strong password or PIN that you change regularly.
- Find out what programs and games will have access to on the smartphone before you download them. Most programs provide this information; ones that don’t should be avoided.
- Only download apps, games, and music from reputable sites. Only download well-known games from reliable and verified sellers, or through a commercial shop supported by your device manufacturer or provider.
- Install anti-malware software on the device and take action if it detects questionable applications. Also, check the entire device for malware regularly.
- Set up a local firewall on the device to filter inbound and outbound traffic and stop harmful applications wherever possible.
- When you’re not using the device, set an idle timeout to automatically lock it.
- Don’t “jailbreak” your phone. Jail breaking is the process of eliminating the manufacturer’s restrictions on a device, usually by installing modified operating-system components or other third-party software. Jail breaking a gadget makes it more vulnerable to viruses since it disables crucial security features.
- If your device allows location tracking, enable it so you can trace the whereabouts of your device if you lose it.
- When you’re not using Bluetooth, Wi-Fi, or other services, turn them off.
- When utilizing Wi-Fi in a semi-trusted area, encrypt your home network, utilize a VPN connection, or otherwise verify that traffic is encrypted (for example, when you may trust the wireless access point but not necessarily the other users on the network).
- When using Bluetooth, turn it to “non-discoverable” mode to prevent unauthenticated devices from seeing your device.
- Use AES 128/256-bit encryption to protect all data stored on tablets.
- Enable a remote-wiping capability if available to remove all data on the device if it is lost or stolen.
All Portable Devices: Recommended Organizational Practices For handling all forms of portable devices, businesses should follow the following best practices:
• Only utilize removable media devices if there is a compelling business rationale that has been approved by the organization’s chief IT security officer.
• Establish security and acceptable-use regulations for all portable media devices, and make sure the staff are aware of them.
• Teach your employees to report missing devices as soon as possible so that all data on them can be erased.
• Only support a few devices, and think about their security features and weaknesses.
• Teach staff the importance of using strong passwords and PINs, and make them mandatory.
• Only use a secure VPN connection to connect to the corporate network. Consider banning personal, portable media devices from the workplace (those that can’t be managed and monitored by the company).
• Encrypt data being communicated by configuring secure sockets layer (SSL) security capabilities on organizational web servers.
• There are the various advantages and disadvantages of distributing locked-down, corporate-controlled devices vs having a “bring your device” policy.
• Consider creating a mobile device inventory that contains sensitive company data and auditing it regularly.
Using portable devices has advantages and disadvantages, but the disadvantages can be mitigated or at least reduced if users follow the recommended practices. You must utilize old goods with caution as new ones reach the market, always evaluating their security features, prospective flaws, and ways they could be targeted by hostile attackers.