Cybersecurity Best Practices for Removable Media and Mobile Devices, Slides of Mobile Computing

This document covers cybersecurity best practices for handling removable media and mobile devices in both organizational and personal contexts. Topics include approved media usage, data protection, traveling with devices, public use, and specific risks such as near field communication and GPS tracking. The document emphasizes the importance of following organizational policies and securing sensitive information.

Typology: Slides

2021/2022

Uploaded on 09/12/2022

janeka

UNCLASSIFIED
Cyber Awareness Challenge 2022 Removable Media and Mobile Devices

Removable Media and Mobile Devices

Removable media include flash media, such as thumb drives, memory sticks, and flash drives; external hard drives; optical discs (such as CDs, DVDs, and Blu-rays); and music players (such as iPods). Other portable electronic devices (PEDs) and mobile computing devices, such as laptops, fitness bands, tablets, smartphones, electronic readers, and Bluetooth devices, have similar features. The same rules and protections apply to both.

  • Use only removable media approved by your organization
  • Only use flash media or other removable storage when operationally necessary, owned by your organization, and approved by the appropriate authority in accordance with policy
  • Do not use any personally owned/non-organizational removable media on your organization’s systems
  • Do not use your organization’s removable media on non-organizational/personal systems
  • Never plug unauthorized devices into a government system
  • Be aware that wireless connections to the devices bring increased threats and vulnerabilities
  • Abide by the signed End User License Agreement for mobile devices
  • Understand and follow your organization’s Bring Your Own Device (BYOD) policy

Use of Removable Media and Mobile Devices

Your organization may severely restrict or prohibit the use of removable media and PEDs. Follow your organization’s policies or contact your security POC with questions. If allowed, use appropriately:

  • Do not download data from the classified networks onto removable storage media
  • Encrypt data appropriately and in accordance with its classification or sensitivity level
  • As a best practice, label all removable media regardless of classification or environment and avoid inserting removable media with unknown content into your computer
  • Store according to the appropriate security classification in GSA-approved storage containers
  • Mark all classified and sensitive material correctly
  • Ensure unclassified media in a classified environment is labeled appropriately
  • Label all media containing Privacy Act information, personally identifiable information (PII), or protected health information (PHI) appropriately regardless of environment
  • Follow your organization’s policy for sanitizing, purging, discarding, and destroying removable media
  • Destroy classified removable media in accordance with its classification level

Protecting Data on Removable Media and Mobile Devices

To protect data on your mobile computing and portable electronic devices (PEDs):

  • Lock your laptop/device screen when not in use and power off the device if you don’t plan to resume use in the immediate future
  • Enable automatic screen locking after a period of inactivity
  • Encrypt all sensitive data on laptops and on other mobile computing devices when possible
  • At a minimum, password protect Government-issued mobile computing devices; use two-factor authentication if possible
  • Secure your personal mobile devices to the same level as Government-issued systems
  • Understand your organization’s policy for using commercial cloud applications (e.g., Dropbox, Drive, etc.)
  • Maintain visual or physical control of your laptop and mobile devices at all times and especially when going through airport security checkpoints
  • Have a strategy for addressing a potential “authority situation” (e.g., police who want to inspect devices coincident with a traffic stop or an airport TSA agent check)
  • If lost or stolen, immediately report the loss to your security POC

Traveling with Mobile Devices

When traveling with mobile computing devices, including laptops and cell phones:

  • Be aware that information sent over public Wi-Fi connections may be exposed to theft, and the device may be exposed to malware
  • Fake Wi-Fi access points may be used for deception
  • Use public or free Wi-Fi only with the Government VPN

Use caution when connecting laptops to hotel Internet connections. If you are directed to a login page before you can connect by VPN, the risk of malware loading or data compromise is substantially increased.

When traveling overseas with mobile devices:

  • Be careful and do not travel with mobile devices, unless absolutely necessary
  • Report your travel if carrying a device approved under Bring Your Own Approved Device (BYOAD) policy so it can be unenrolled while out of the country
  • Assume that any electronic transmission you make (voice or data) may be monitored
      • Mobile phones carried overseas are often compromised upon exiting the plane
  • Physical security of mobile devices carried overseas is a major issue
  • Devices not in your custody or in secure U.S. Government facility storage should be assumed to be compromised