Monthly Archives: December 2011

NEA Chairman Rocco Landesman and Rear Admiral Alton L. Stocks Announce Operation Homecoming at Walter Reed National Military Medical Center

For the first time, the National Endowment for the Arts critically acclaimed Operation Homecoming writing program will take place in a clinical setting as part of a formal medical protocol to help heal service members at the National Intrepid Center of Excellence (NICoE) at Walter Reed National Military Medical Center in Bethesda, Maryland.

ST04-017: Protecting Portable Devices: Physical Security

Original release date: December 19, 2011 | Last revised: October 01, 2016

Many computer users, especially those who travel for business, rely on laptops and personal internet-enabled devices like smartphones and tablets because they are small and easily transported. But while these characteristics make them popular and convenient, they also make them an ideal target for thieves. Make sure to secure your mobile devices to protect both the machine and the information they contain.

What is at risk?

Only you can determine what is actually at risk. If a thief steals your laptop or mobile device, the most obvious loss is the machine itself. However, if the thief is able to access the information on the computer or mobile device, all of the information stored on the device is at risk, as well as any additional information that could be accessed as a result of the data stored on the device itself.

Sensitive corporate information or customer account information should not be accessed by unauthorized people. You’ve probably heard news stories about organizations panicking because laptops with confidential information on them have been lost or stolen. But even if there isn’t any sensitive corporate information on your laptop or mobile device, think of the other information at risk: information about appointments, passwords, email addresses and other contact information, personal information for online accounts, etc.

How can you protect your laptop or internet-enabled device?

  • Password-protect your computer – Make sure that you have to enter a password to log in to your computer or mobile device (see Choosing and Protecting Passwords for more information).
  • Keep your valuables with you at all times – When traveling, keep your device with you. Meal times are optimum times for thieves to check hotel rooms for unattended laptops. If you are attending a conference or trade show, be especially wary—these venues offer thieves a wider selection of devices that are likely to contain sensitive information, and the conference sessions offer more opportunities for thieves to access guest rooms.
  • Downplay your laptop or mobile device – There is no need to advertise to thieves that you have a laptop or mobile device. Avoid using your device in public areas, and consider non-traditional bags for carrying your laptop.
  • Be aware of your surroundings – If you do use your laptop or mobile device in a public area, pay attention to people around you. Take precautions to shield yourself from “shoulder surfers”—make sure that no one can see you type your passwords or see any sensitive information on your screen.
  • Consider an alarm or lock – Many companies sell alarms or locks that you can use to protect or secure your laptop. If you travel often or will be in a heavily populated area, you may want to consider investing in an alarm for your laptop bag or a lock to secure your laptop to a piece of furniture.
  • Back up your files – If your mobile device is stolen, it’s bad enough that someone else may be able to access your information. To avoid losing all of the information, make backups of important information and store the backups in a separate location (see Good Security Habits for more information). Not only will you still be able to access the information, but you’ll be able to identify and report exactly what information is at risk.

What can you do if your laptop or mobile device is lost or stolen?

Report the loss or theft to the appropriate authorities. These parties may include representatives from law enforcement agencies, as well as hotel or conference staff. If your device contained sensitive corporate or customer account information, immediately report the loss or theft to your organization so that they can act quickly.

 


Author: Mindi McDowell


This product is provided subject to this Notification and this Privacy & Use policy.

ST04-017: Protecting Portable Devices: Physical Security

Original release date: December 19, 2011 | Last revised: February 06, 2013

Many computer users, especially those who travel for business, rely on laptops and personal internet-enabled devices like smartphones and tablets because they are small and easily transported. But while these characteristics make them popular and convenient, they also make them an ideal target for thieves. Make sure to secure your mobile devices to protect both the machine and the information they contain.

What is at risk?

Only you can determine what is actually at risk. If a thief steals your laptop or mobile device, the most obvious loss is the machine itself. However, if the thief is able to access the information on the computer or mobile device, all of the information stored on the device is at risk, as well as any additional information that could be accessed as a result of the data stored on the device itself.

Sensitive corporate information or customer account information should not be accessed by unauthorized people. You’ve probably heard news stories about organizations panicking because laptops with confidential information on them have been lost or stolen. But even if there isn’t any sensitive corporate information on your laptop or mobile device, think of the other information at risk: information about appointments, passwords, email addresses and other contact information, personal information for online accounts, etc.

How can you protect your laptop or internet-enabled device?

  • Password-protect your computer – Make sure that you have to enter a password to log in to your computer or mobile device (see Choosing and Protecting Passwords for more information).
  • Keep your valuables with you at all times – When traveling, keep your device with you. Meal times are optimum times for thieves to check hotel rooms for unattended laptops. If you are attending a conference or trade show, be especially wary—these venues offer thieves a wider selection of devices that are likely to contain sensitive information, and the conference sessions offer more opportunities for thieves to access guest rooms.
  • Downplay your laptop or mobile device – There is no need to advertise to thieves that you have a laptop or mobile device. Avoid using your device in public areas, and consider non-traditional bags for carrying your laptop.
  • Be aware of your surroundings – If you do use your laptop or mobile device in a public area, pay attention to people around you. Take precautions to shield yourself from “shoulder surfers”—make sure that no one can see you type your passwords or see any sensitive information on your screen.
  • Consider an alarm or lock – Many companies sell alarms or locks that you can use to protect or secure your laptop. If you travel often or will be in a heavily populated area, you may want to consider investing in an alarm for your laptop bag or a lock to secure your laptop to a piece of furniture.
  • Back up your files – If your mobile device is stolen, it’s bad enough that someone else may be able to access your information. To avoid losing all of the information, make backups of important information and store the backups in a separate location (see Good Security Habits for more information). Not only will you still be able to access the information, but you’ll be able to identify and report exactly what information is at risk.

What can you do if your laptop or mobile device is lost or stolen?

Report the loss or theft to the appropriate authorities. These parties may include representatives from law enforcement agencies, as well as hotel or conference staff. If your device contained sensitive corporate or customer account information, immediately report the loss or theft to your organization so that they can act quickly.

 


Author: Mindi McDowell


This product is provided subject to this Notification and this Privacy & Use policy.

ST11-001: Holiday Traveling with Personal Internet-Enabled Devices

Original release date: December 19, 2011 | Last revised: June 08, 2017

The Internet is at our fingertips with the widespread use of Internet-enabled devices such as smart phones and tablets. When traveling and shopping anytime, and especially during the holidays, consider the wireless network you are using when you complete transactions on your device.

Know the risks

Your smart phone, tablet, or other device is a full-fledged computer. It is susceptible to risks inherent in online transactions. When shopping, banking, or sharing personal information online, take the same precautions with your smart phone or other device that you do with your personal computer — and then some. The mobile nature of these devices means that you should also take precautions for the physical security of your device (see Protecting Portable Devices: Physical Security for more information) and consider the way you are accessing the Internet.

Do not use public Wi-Fi networks

Avoid using open Wi-Fi networks to conduct personal business, bank, or shop online. Open Wi-Fi networks at places such as airports, coffee shops, and other public locations present an opportunity for attackers to intercept sensitive information that you would provide to complete an online transaction.

If you simply must check your bank balance or make an online purchase while you are traveling, turn off your device’s Wi-Fi connection and use your mobile device’s cellular data Internet connection instead of making the transaction over an unsecure Wi-Fi network.

Turn off Bluetooth when not in use

Bluetooth-enabled accessories can be helpful, such as earpieces for hands-free talking and external keyboards for ease of typing. When these devices are not in use, turn off the Bluetooth setting on your phone. Cyber criminals have the capability to pair with your phone’s open Bluetooth connection when you are not using it and steal personal information.

Be cautious when charging

Avoid connecting your mobile device to any computer or charging station that you do not control, such as a charging station at an airport terminal or a shared computer at a library. Connecting a mobile device to a computer using a USB cable can allow software running on that computer to interact with the phone in ways that a user may not anticipate. As a result, a malicious computer could gain access to your sensitive data or install new software.

Don’t fall victim to phishing scams

If you are in the shopping mode, an email that appears to be from a legitimate retailer might be difficult to resist. If the deal looks too good to be true, or the link in the email or attachment to the text seems suspicious, do not click on it!

What to do if your accounts are compromised

If you notice that one of your online accounts has been hacked, call the bank, store, or credit card company that owns your account. Reporting fraud in a timely manner helps minimize the impact and lessens your personal liability. You should also change your account passwords for any online services associated with your mobile device using a different computer that you control. If you are the victim of identity theft, additional information is available from https://www.idtheft.gov/.

For even more information about keeping your devices safe, read Cybersecurity for Electronic Devices.


Author: US-CERT Publications


This product is provided subject to this Notification and this Privacy & Use policy.

ST11-001: Holiday Traveling with Personal Internet-Enabled Devices

Original release date: December 19, 2011 | Last revised: February 06, 2013

The internet is at our fingertips with the widespread use of internet-enabled devices such as smart phones and tablets. When traveling and shopping anytime, and especially during the holidays, consider the wireless network you are using when you complete transactions on your device.

Know the risks

Your smart phone, tablet, or other device is a full-fledged computer. It is susceptible to risks inherent in online transactions. When shopping, banking, or sharing personal information online, take the same precautions with your smart phone or other device that you do with your personal computer — and then some. The mobile nature of these devices means that you should also take precautions for the physical security of your device (see Protecting Portable Devices: Physical Security for more information) and consider the way you are accessing the internet.

Do not use public Wi-Fi networks

Avoid using open Wi-Fi networks to conduct personal business, bank, or shop online. Open Wi-Fi networks at places such as airports, coffee shops, and other public locations present an opportunity for attackers to intercept sensitive information that you would provide to complete an online transaction.

If you simply must check your bank balance or make an online purchase while you are traveling, turn off your device’s Wi-Fi connection and use your mobile device’s cellular data internet connection instead of making the transaction over an unsecure Wi-Fi network.

Turn off Bluetooth when not in use

Bluetooth-enabled accessories can be helpful, such as earpieces for hands-free talking and external keyboards for ease of typing. When these devices are not in use, turn off the Bluetooth setting on your phone. Cyber criminals have the capability to pair with your phone’s open Bluetooth connection when you are not using it and steal personal information.

Be cautious when charging

Avoid connecting your mobile device to any computer or charging station that you do not control, such as a charging station at an airport terminal or a shared computer at a library. Connecting a mobile device to a computer using a USB cable can allow software running on that computer to interact with the phone in ways that a user may not anticipate. As a result, a malicious computer could gain access to your sensitive data or install new software. Don’t Fall Victim to Phishing Scams If you are in the shopping mode, an email that appears to be from a legitimate retailer might be difficult to resist. If the deal looks too good to be true, or the link in the email or attachment to the text seems suspicious, do not click on it!

What to do if your accounts are compromised

If you notice that one of your online accounts has been hacked, call the bank, store, or credit card company that owns your account. Reporting fraud in a timely manner helps minimize the impact and lessens your personal liability. You should also change your account passwords for any online services associated with your mobile device using a different computer that you control. If you are the victim of identity theft, additional information is available from http://www.idtheft.gov/.

For even more information about keeping your devices safe, read Cybersecurity for Electronic Devices.

References


Author: Amanda Parente


This product is provided subject to this Notification and this Privacy & Use policy.

ST05-017: Cybersecurity for Electronic Devices

Original release date: December 19, 2011 | Last revised: June 08, 2017

When you think about cybersecurity, remember that electronics such as smartphones and other Internet-enabled devices may also be vulnerable to attack. Take appropriate precautions to limit your risk.

Why does cybersecurity extend beyond computers?

Actually, the issue is not that cybersecurity extends beyond computers; it is that computers extend beyond traditional laptops and desktops. Many electronic devices are computers—from cell phones and tablets to video games and car navigation systems. While computers provide increased features and functionality, they also introduce new risks. Attackers may be able to take advantage of these technological advancements to target devices previously considered “safe.” For example, an attacker may be able to infect your cell phone with a virus, steal your phone or wireless service, or access the data on your device. Not only do these activities have implications for your personal information, but they could also have serious consequences if you store corporate information on the device.

What types of electronics are vulnerable?

Any piece of electronic equipment that uses some kind of computerized component is vulnerable to software imperfections and vulnerabilities. The risks increase if the device is connected to the Internet or a network that an attacker may be able to access. Remember that a wireless connection also introduces these risks. (See Securing Wireless Networks for more information.) The outside connection provides a way for an attacker to send information to or extract information from your device.

How can you protect yourself?

  • Remember physical security – Having physical access to a device makes it easier for an attacker to extract or corrupt information. Do not leave your device unattended in public or easily accessible areas. (See Protecting Portable Devices: Physical Security.)
  • Keep software up to date – If the vendor releases updates for the software operating your device, install them as soon as possible. Installing them will prevent attackers from being able to take advantage of known problems or vulnerabilities. (See Understanding Patches.)
  • Use good passwords – Choose devices that allow you to protect your information with passwords. Select passwords that will be difficult for thieves to guess, and use different passwords for different programs and devices. (See Choosing and Protecting Passwords.) Do not choose options that allow your computer to remember your passwords.
  • Disable remote connectivity – Some mobile devices are equipped with wireless technologies, such as Bluetooth, that can be used to connect to other devices or computers. You should disable these features when they are not in use. (See Understanding Bluetooth Technology.)
  • Encrypt files – If you are storing personal or corporate information, see if your device offers the option to encrypt the files. By encrypting files, you ensure that unauthorized people can’t view data even if they can physically access it. When you use encryption, it is important to remember your passwords and passphrases; if you forget or lose them, you may lose your data.
  • Be cautious of public Wi-Fi networks – Before you connect to any public wireless hotspot—like on an airplane or in an airport, hotel, train/bus station or café:
    • Be sure to confirm the name of the network and exact login procedures with appropriate staff to ensure that the network is legitimate.
    • Do not conduct sensitive activities, such as online shopping, banking, or sensitive work, using a public wireless network.
    • Only use sites that begin with “https://” when online shopping or banking. Using your mobile network connection is generally more secure than using a public wireless network.

Authors: US-CERT Publications and Stop.Think.Connect™


This product is provided subject to this Notification and this Privacy & Use policy.

ST05-017: Cybersecurity for Electronic Devices

Original release date: December 19, 2011 | Last revised: February 06, 2013

When you think about cybersecurity, remember that electronics such as smartphones and other internet-enabled devices may also be vulnerable to attack. Take appropriate precautions to limit your risk.

Why does cybersecurity extend beyond computers?

Actually, the issue is not that cybersecurity extends beyond computers; it is that computers extend beyond traditional laptops and desktops. Many electronic devices are computers—from cell phones and tablets to video games and car navigation systems. While computers provide increased features and functionality, they also introduce new risks. Attackers may be able to take advantage of these technological advancements to target devices previously considered “safe.” For example, an attacker may be able to infect your cell phone with a virus, steal your phone or wireless service, or access the data on your device. Not only do these activities have implications for your personal information, but they could also have serious consequences if you store corporate information on the device.

What types of electronics are vulnerable?

Any piece of electronic equipment that uses some kind of computerized component is vulnerable to software imperfections and vulnerabilities. The risks increase if the device is connected to the internet or a network that an attacker may be able to access. Remember that a wireless connection also introduces these risks (see Securing Wireless Networks for more information). The outside connection provides a way for an attacker to send information to or extract information from your device.

How can you protect yourself?

  • Remember physical security – Having physical access to a device makes it easier for an attacker to extract or corrupt information. Do not leave your device unattended in public or easily accessible areas (see Protecting Portable Devices: Physical Security for more information).
  • Keep software up to date – If the vendor releases updates for the software operating your device, install them as soon as possible. Installing them will prevent attackers from being able to take advantage of known problems or vulnerabilities (see Understanding Patches for more information).
  • Use good passwords – Choose devices that allow you to protect your information with passwords. Select passwords that will be difficult for thieves to guess, and use different passwords for different programs and devices (see Choosing and Protecting Passwords for more information). Do not choose options that allow your computer to remember your passwords.
  • Disable remote connectivity – Some mobile devices are equipped with wireless technologies, such as Bluetooth, that can be used to connect to other devices or computers. You should disable these features when they are not in use (see Understanding Bluetooth Technology for more information).
  • Encrypt files – If you are storing personal or corporate information, see if your device offers the option to encrypt the files. By encrypting files, you ensure that unauthorized people can’t view data even if they can physically access it. When you use encryption, it is important to remember your passwords and passphrases; if you forget or lose them, you may lose your data.

Authors: Mindi McDowell and Matt Lytle


This product is provided subject to this Notification and this Privacy & Use policy.

OSTI and Norwood Elementary, holiday buddies for many years

osti.gov
The U.S. Department of Energy (DOE) Office of Scientific and Technical Information (OSTI) brightens the holidays for a number of area school children. Since the early 1990s, staff at OSTI have sponsored an Angel Tree Program for students from Norwood Elementary School. This year, each child in the program had three Angels on the OSTI tree. The wrapped gifts were collected and delivered to the Oliver Springs Angel Tree Ministry which distributes the gifts to the children before the winter break. Earlier in December, OSTI collected food items to be distributed to children for their weekend meals. This long-standing tradition is one way OSTI participates in the local community. OSTI, within the DOE Office of Science and located at 1 Science.gov Way in Oak Ridge, advances science and sustains technological creativity by making R&D findings available and useable to DOE researchers and to the public.

Stanford in the Spotlight at .EDUconnections

EDUconnections
Stanford’s list of Nobel Laureates is long and distinguished, as is its research relationship with the U.S. Department of Energy. Read about Stanford’s research and resource connections to DOE at the OSTI .EDUconnections website. .EDUconnections features U.S. community colleges and universities committed to supporting and advancing DOE scientific research programs. For more institutions in the .EDUconnections spotlight, visit the archive page.