Securing laptops and mobile devices

Overview
Encryption software
Physical locks and security

Password protection
Recovery preparation
Re-purpose and recycle mobile devices

Recommended security profiles
Lost/stolen electronic media or computing device

Overview

Mobile technology (portable devices) adds another dimension to issues related to information security. Physical security is paramount. Never leave portable computing devices (or portable storage media) unattended and unlocked. Make sure access to data on the device and physical access to the device itself is appropriately restricted. Portable devices such as PDAs, USB memory sticks and laptops are all especially vulnerable to loss or theft. Protective measures include storing devices in a locked briefcase or cabinet, using password protection and encryption.

Please see best practice recommendations for additional security measures to assist in securing portable computing devices.

Encryption software

Encryption is a very important tool to safeguard protected and confidential data, but it is a powerful tool that needs to be installed and used with caution. Information that is directly related to the business of Yale University (finance & administration, HR, student affairs, legal, primary source clinical and research data) should only be encrypted using a University approved method which provides the ability for Yale to recover the data in the event of an emergency. Please be sure that you have read and understand the University Endorsed Encryption Implementation Procedure before you implement any encryption option.

Pretty Good Privacy (PGP) encryption software (using Yale ADK -Additional Encryption Key) is available from the Software Library. PGP Desktop Pro provides both file and whole disk encryption.

Physical locks and security

Portable devices, such as laptops, are particularly vulnerable to theft and resale, and should be properly secured with a lock. Many laptops have slots made to connect a lock. These locks are available at most computer stores.

Minimize physical security risks by:

Never leaving your mobile gear unattended, even for a moment. If you must leave your mobile gear in a car - put it in the trunk and lock the trunk.
Use a carrying case for your laptop that is sturdy and doesn't scream 'laptop inside'.
If you are going out for coffee or lunch - lock your gear in a desk or an office that can be locked.
Secure the locations of mobile devices as well, and remember access control procedures:
- regular review of people who have key, swipe, PIN card access
- change PINs regularly and/or when people leave their position
- know who has access to enable/disable fire doors
- locks on each office, not simply the area/suite
- procedures to coordinate physical security options for buildings not owned by the University

Click here to show/hide the physical security comparison table

Safeguard	Cost	How to get it	Windows/Mac Notebooks	PDA or Smartphone
Security cable Physically securing a laptop or PDA with a cable and lock is an elementary step in protecting a mobile device.	29.99	Purchase through any store carrying computing and peripheral equipment such as Staples, CompUSA, etc.	Combination locks are convenient and save you from having to store a key, however, a traditional key lock may prove to be stronger. Use the Yale Eportal to order.	N/A
Enroll in S.T.O.P Program Security Tracking of Office Property - a unique, tamper-proof patented plate, with barcode and indelible tattoo is applied to your computing device. A highly effective theft-deterrent by providing unmistakable proof that equipment is police traceable and/or stolen.	$25.00 for 3 years	Kits may be purchased and installed at the Computing and Media Center or by your local DSP. Central campus: Please contact Pat Killips at 203.432-2873 or email patrick.killips@yale.edu. Medical campus: Please contact Dave Landino at 203.785-5521 or email david.landino@yale.edu.	Yes	Yes

Password protection

Passwords are the keys used to access personal information stored on computers and in online accounts. In controlling access to anything, trade-offs are made between security and convenience. If a resource is protected by a password, then security is increased with a consequent loss of convenience for users. You can use one or more password types to guard access to your computer or mobile device.

Include techniques such as:

Never setting programs to automatically logon (e.g., email, VPN, or any authentication information to Yale and non-Yale systems including banking, other affiliated institutions, etc…).
Never save (unencrypted) passwords on your local drive (e.g., in a file, as an address book entry or browser bookmark).
When choosing a smartphone, PDA or other mobile technology that incorporates email, only choose an email client that supports SSL/TLS.

Click here to show/hide the password protection comparison table

Safeguard	Cost	How to get it	Windows Laptop	Mac Notebook	PDA or Smartphone
Hardware or BIOS level passwords Your computer has a Basic Input Output System or BIOS. This is the first program that is run when your computer starts. You can tell the BIOS to ask for a password when it starts, thus restricting access to your computer.	Free	When your computer first starts up, it may prompt you to press a specific key or key-sequence to enter the BIOS configuration area. It is in this area that the password can be set.	Vendor dependent. During computer start up, you will see a message similar to “Press <F8> to enter setup”. By pressing the denoted key sequence at that time, the BIOS settings and interface open, and there you can find the feature to enable a BIOS password. The BIOS of many laptops allows you to set an additional hard disk password. In the event the laptop is stolen, a password protected hard disk can not be removed and reinstalled in another device to access the data.	Open Firmware Passwords can be changed with physical access to the hardware’s interior. Mac OS X 10.1 or later	Check the owners manual, nearly all models have this feature. Example - Palm IIIx or later – Tap the House icon (Palm IIIx or later) or the Applications icon (Palm III). Tap the Security icon; Tap the box next to Password; Enter a password; Tap OK; Enter your password again; Tap OK; The field next to Password should now say Assigned.
Additional password organizers There are password organization products that will encrypt data to keep it secure between your various computing devices, such as Password Plus from DataViz or Passwords Max.	$25.00 - $29.99	DataViz Password Plus or Author Direct Shareware (Passwords Max) or Splash ID	Yes DataViz - 98, NT 4.0, Me, 2000, XP Passwords Max - Windows 95 through Windows XP Splash ID - Windows 98, ME, NT4, 2000 or XP	Yes DataViz - Mac OS X (10.1.5 or higher) Splash ID - Mac OS 10.2 or later	Yes DataViz - Palm OS version 4.X or higher Includes Palm, Sony Clié, Handspring, Samsung. Kyocera, and Garmin SplashID - Mobile versions (includes desktop companion) are available for Palm OS/Treo, Pocket PC, Windows Mobile Smartphone, Symbian UIQ, Series 60, and BlackBerry
Locking screen-savers Most screen savers can be setup to lock your computer after some period of inactivity.	Free	Most computer operating systems have options to configure and select a screen saver.	Yes The display control panel item lets you configure the screen saver.	Yes Select 'Screen Effects' from the System Preferences to configure the screen saver (OS X 10.2) or locate the 'Personal' section and choose 'Desktop & Screen Saver' in System Preferences (OS X 10.3 and up)	Check the owners manual, many models have this feature.

Recovery preparation

There are steps you can take to safeguard your device and data which will make recovery a smooth operation.

Recommendations include:

Keep all sensitive data, files and email on a secure Yale server.
When choosing a smartphone, PDA or other mobile technology that incorporates email, only choose hardware/software that keeps email on Yale servers (no storage on vendor mail servers).

Click here to show/hide the recovery preparation comparison table

Safeguard	Cost	How to get it	Windows Laptop	Mac Notebook	PDA or Smartphone
Backup your data Backup your data by subscribing to the ITS backup service.	$3.50 per month or more	ITS backup service is a subscription based service offered by ITS.	Visit the ITS backup service page for tips on backing up laptops.	Read the ITS backup service page for tips on backing up laptops and Intel Macs.	Synch your PDA/Smartphone with your computer regularly to essentially backup your mobile data.
Remotely locate your laptop Computrace - Billed as LoJack for Laptops, this assists in recovering laptops after a theft. If you notify the company’s recovery team after a theft has occurred, the monitoring center then tries to track the system down, and provides law enforcement personnel with details about the computer’s location.	$49.99 per year	LoJack for Laptops is a subscription based service.	Windows XP (64 bit version not supported) Internet Connection and/or Hayes-compatible modem IE 6 or above	Mac OS X v10.3 or higher PowerPC G3/G4/G5 processor or Intel Core Duo processor Internet connection Safari or Firefox Browser	N/A
Password protect your PDA with data destroy options Configure your PDA to require use of a password. Blackberry devices can be set to automatically delete data after multiple incorrect passwords are entered.	Free	Built-in feature of the device’s operating system.	N/A	N/A	Most PDA’s and SmartPhones have this feature built into their operating system software. Consult the device’s user manual for specific device instructions.
Remotely destroy your data If you want to destroy the data on your laptop or device after its gone, these “Kill Pill” technologies will delete your data after receiving a remote command.	Range $10.00 - up	Products must be purchased and installed, and in some cases pre-configured for this feature to be enabled.	Computrace Plus and Complete versions have a data-delete function. Your computrace account must be pre-authorized for this service.	Same as windows laptop	PDAKill ($10; Pocket PC) and remotePROTECT (Pocket PC 2003 and Windows Mobile 5; $15) or Central from Bluefish Wireless ($15; Palm Treo).
Additional security solution for Palm Treo devices Warden Software is a security product that allows for configuration of both locally and remotely controlled security options including remote device locking and data removal on both main memory and SD memory expansion cards.	$25.00	Warden Software from Corsoft Mobile Solutions Also see Lock My Treo	N/A	N/A	Versions available for Palm Treo 700P, 680, 650, 600 with Palm OS and Palm Treo 750, 700WX, 700W with Windows Mobile 5 OS.

Repurpose and recycle mobile devices

Mobile devices are often handed down from one user to another, and little thought is given to the data and security when disposing of these devices.

The following techniques apply:

Read the Yale guidelines in place for the Disposal of Media Containing Confidential or Protected Health Information.
If you store unencrypted protected or confidential information on your computer's hard drive, the drive should never be returned to the manufacturer or a non-Yale service center for repair or warrantee replacement.
Always backup regularly and configure your computer, so that you understand what directories contain files, data, and email.

Click here to show/hide the repurpose and recycle table

Safeguard	Cost	How to get it	Windows Laptop	Mac Notebook	PDA or Smartphone
Reset passwords and wipe data Prepare the machine or device for re-deployment or disposal by removing your data and resetting your passwords.	Free	Ask your support provider for assistance.	Visit the Software Library for Data Removal Service software.	Delete data and use Secure Empty Trash (Mac OS X 10.3) or use the technique to zero all data on the disk	Before handing down or giving away an older model, make sure you reset the passwords and perform a hard reset to remove any data.

Recommended security profiles

Click here to show/hide the recommended security profiles table

Lost/stolen electronic media or computing device

If you need to report lost or stolen electronic media or a computing device please complete our lost/stolen form and send it to security@yale.edu.

Requiring minimum security (no secure data stored locally)	Requiring most security (Ephi, HIPAA, single source, financial data, confidential info)
Laptops docked (home and office only) S.T.O.P. Program Security cable Locking screen saver	Laptops docked (home and office only) S.T.O.P. Program Security cable Locking screen saver Backup service Computrace
Laptops mobile (always on the move) S.T.O.P. Program Security cable Locking screen saver BIOS level password	Laptops mobile (always on the move) S.T.O.P. Program Security cable Locking screen saver Backup service Computrace Password organizer
PDA and smart phones S.T.O.P. Program BIOS level password	PDA and smart phones S.T.O.P. Program BIOS level password Password protection w/data destroy options

Yale University

ITS Office of Information Security

Find it