Using your own devices can be convenient, especially when all files and work-related materials can be found on one device and the employee does not have to cope with several devices. In addition, personal devices are usually familiar to the user, and using these can be easier and faster. Despite the practicality, one must also remember the information security risks of using personal devices.
The information security of personal devices is often not maintained as consistently as the information security of organizational devices. When using your own devices at work, it must be noted that users are responsible for ensuring that their devices are adequately protected.
You have to take good care of your own devices, because a lost device that has been used for work can cause an information security risk if criminals gain access to the data on it. It is therefore recommended to enable remote device management functions for your own devices, when possible, which allow you to track and erase a lost device.
When handling confidential information and material containing personal data, the employee must follow the instructions given by the university regarding handling of personal and/or confidential information and special care. Confidential information and personal data should be processed mainly with equipment and tools provided by the university and in services managed by the university, in compliance with the restrictions of the confidentiality guidelines. Files that are confidential or contain personal information may not be saved on your personal devices. Confidential information and personal data may not be processed in consumer cloud services intended for private use, in other words, in services that the university does not have a contract with.
When using a device for work, it is recommended to encrypt it according to the university's instructions. Also take into account university's remote work information security guidelines and mobile devices information security guidelines.
Keep your computer and all software up to date. Install updates as soon as they become available.
Get good virus protection software for your computer, if you don't already have some. Good and free virus protection program is offered by, for example, Avira, Bitdefender and Avast. Run regular malware scans using a virus detection program. Make sure the firewall is enabled.
Back up your data regularly. You never know when a device will break for one reason or another.
Download and install only the apps you really need. Only download apps from trusted sources and check the app's terms of use, or at least how the app handles your data, before installing it.
Protect your computer with a password or other similar protection (e.g. biometric protection).
If you suspect that malware has infected your computer, do not, for example, use online bank services or type your passwords anywhere until the malware has been removed. The malware could record your keyboard by using a keylogger, for example. It is recommended to immediately disconnect your computer from the Internet. This way any information collected by the malware cannot be passed on.
A new PIN code must be set on your mobile device instead of the default code. You should set the screen to lock automatically after a delay that suits your usage patterns to protect your device from improper use if you leave it for a while.
The mobile device must be taken good care of physically. Avoid dropping or bending the device along with extreme temperatures or radical changes in temperature. Due to these physical threats, you should remember to back up data on the device frequently.
A wide variety of applications can be installed on a mobile device, and these must be used carefully. Install only necessary applications on your device. In that way you minimize the potential sources of security threats. To avoid malware, you should only download apps from your device's official app store.
Give each application only the rights it really needs for its operation. For example, the flashlight app does not need rights to your contact information even if it asks. As soon as you start an application, check what rights the application requests and for what purposes the applications state that they need these rights.
If you give your mobile device to another person or you recycle it, make sure that no personal data has been left on the device and restore the device's factory settings. If you use a phone that someone else had, you should restore it to its factory settings. In addition, it is worth checking that the phone is not connected to a former owner's cloud service where the data you save is automatically transferred to the former owner.
Smart watches are just one of many smart technology products that are part of the Internet of Things. This market continues to grow and devices are increasingly vulnerable to cyberattacks.
If you use a smart watch at work, and you have connected it to, for example, your own phone or your work phone, you should adjust the settings of the smart watch so that you only receive a notification from, for example, email. This is important especially in cases where an email concerns more sensitive matters.
Please note that smartwatches collect a lot of data about the user. Who can see the collected data? How securely is it stored? Will your data be sent to third parties? By reading the information security policies of the smartwatch and its applications, you can find the answer to some of your questions.
A smartwatch is like a small laptop or smartphone on your wrist, so it's easy to remember the same basic things to protect your smartwatch, as they are almost identical to protecting your computer and mobile device. Things to remember include setting a security code or changing the default password, in addition to which the privacy settings of the applications you download and the uses of your data must be checked. Remember to update your smartwatch. In addition, it is good to set as few rights as possible for applications on the smartwatch.
If there is two-step verification in the settings of your smartwatch, use it. This is how you prevent unwanted users from connecting to your smartwatch. Your smartwatch may also have a separate setting to prevent the connection of unknown devices. If there is one, enable it.
Do not download apps to your smartwatch from sources other than official app stores. Be careful when downloading apps even from official app stores, because the Apple App Store and Google Play do not detect all harmful apps.
Do not modify the internal firmware of your smartwatch, as this can leave you without firmware updates for your system, which include security updates.
Processing confidential material in the smartwatch is prohibited.
Use a VPN if possible.
The same information security instructions apply to hybrid smartwatches as to smartwatches.
Remember to read instructions on how to safely reuse and dispose of devices and storage media, if you plan to recycle your device.