US-CERT Delivers Updated Cybersecurity Advice for Electronic Devices

The United States Computer Emergency Readiness Team (US-CERT) was established in 2003 to protect the nation's Internet infrastructure. The organization is tasked with analyzing and reducing cyber threats, vulnerabilities, sharing cyber threat information, and coordinating the response to incidents on a national scale. From time to time, the organization gets information out that pertains to consumer-level devices, and that is the case with the latest update from the group.

When you think about cybersecurity, remember that electronics such as smartphones and other internet-enabled devices may also be vulnerable to attack. Take appropriate precautions to limit your risk.

In an updated position on cybersecurity for electronic devices, the group advocates a variety of safe practices that should be implemented to secure electronic devices of all types. Today's cybersecurity landscape is beset by threats that go far beyond laptops and computers. The team identifies cell phones, car navigation systems, tablets, video games, and other devices as possible vectors for cybersecurity incidents. Through a series of prescribed best practices, the team advocates protecting oneself and their devices with common sense points of information:

• Remember physical security - Having physical access to a device makes it easier for an attacker to extract or corrupt information. Do not leave your device unattended in public or easily accessible areas (see Protecting Portable Devices: Physical Security for more information).
• Keep software up to date - If the vendor releases updates for the software operating your device, install them as soon as possible. Installing them will prevent attackers from being able to take advantage of known problems or vulnerabilities (see Understanding Patches for more information).
• Use good passwords - Choose devices that allow you to protect your information with passwords. Select passwords that will be difficult for thieves to guess, and use different passwords for different programs and devices (see Choosing and Protecting Passwords for more information). Do not choose options that allow your computer to remember your passwords.
• Disable remote connectivity - Some mobile devices are equipped with wireless technologies, such as Bluetooth, that can be used to connect to other devices or computers. You should disable these features when they are not in use (see Understanding Bluetooth Technology for more information).
• Encrypt files - If you are storing personal or corporate information, see if your device offers the option to encrypt the files. By encrypting files, you ensure that unauthorized people can't view data even if they can physically access it. When you use encryption, it is important to remember your passwords and passphrases; if you forget or lose them, you may lose your data.
• Be cautious of public Wi-Fi networks - Before you connect to any public wireless hotspot – like on an airplane or in an airport, hotel, train/bus station or café:
  • Be sure to confirm the name of the network and exact login procedures with appropriate staff to ensure that the network is legitimate.
  • Do not conduct sensitive activities, such as online shopping, banking, or sensitive work, using a public wireless network.
  • Only use sites that begin with “https://” when online shopping or banking. Using your mobile network connection is generally more secure than using a public wireless network.

The release is an important update to previously released information on their site. For many observers, updates from US-CERT are expected and welcome. Critics of the program including United States Senator Tom Coburn have pointed out how the US-CERT team has historically not provided information as timely as its counterparts in the private sector.