Device Settings
Set devices to lock themselves
What?
Always set up a long (8 numbers or more) PIN code or complex password (longer than 12 characters) to log in to any device–computer, phone, or tablet.
Why?
This ensures that a lost or stolen device is inaccessible through its screen and the hardware remains encrypted. Use the screen timeout feature of your device and require your password or PIN to wake it back up to ensure that your information and your accounts are protected even if the device is found while turned on.
How?
- macOS: Apple menu > System Preferences > Security & Privacy > General, then select Require password.
- Windows:
- Android: Settings > Lock screen > Select screen lock (varies for different Android versions).
- iOS:
The shorter the screen timeout period, the shorter the amount of time your device is vulnerable–so choose as short a time as you can while still being able to do your work.
If stepping away from a device, manually lock the screen. Nearly every computer operating system has a keyboard shortcut or other quick way to lock a device (look it up in the relevant documentation or ask your technical support provider).
Caveats
Public spaces: Be aware when entering a PIN or password in public spaces to be sure nobody malicious is watching and that your keystrokes are not being recorded on camera.
Biometrics: For mobile devices, biometric unlocking mechanisms (for example, fingerprints or facial recognition), swipe patterns, and other locking mechanisms are becoming more common, and are generally easier to use than complex passwords and long PINs. However, they can be more easily bypassed by, for example, grabbing your wrist and forcing your thumb into the button, holding your phone up to your face, or looking at the pattern of skin oils on your screen to see a swipe pattern. For these reasons they are not recommended. This may change as implementations improve.
Turn off built-in file sharing
What?
Why?
Although handy for sharing files with peers, the built-in file sharing functionality on your device is vulnerable to abuse or accidental information leakage, especially on simple networks like one finds in cafés or on airplanes, which don’t provide host isolation (the lack of host isolation means that any device using the wireless can connect to any other device). It is preferable to set up alternate tools and practices for sharing files, such as a central file repository in your office or a an Internet-based file service.*
How?
To turn off file sharing on a Mac, go to Apple menu>System Preferences, then click Sharing and make sure all the boxes are unchecked. Also disable AirDrop on your computer by going to the Finder, and choosing AirDrop under the Go menu. When the window comes up, you will see the phrase “Allow me to be discovered by” with a dropdown menu for completion. Choose “No One” from this dropdown. On an iOS device, select “Receiving Off” in the Control Center’s AirDrop settings. See this article (https://support.microsoft.com/en-us/kb/307874) for turning off file sharing on a Windows computer.
Recognize that if you are currently using any built-in file sharing functionality to share files inside an office, doing this will disrupt current work practices.
Turn on firewall
What?
Why?
How?
- macOS: Security Planner / Mac Firewall
- Windows: Security Planner / Glasswire Firewall