Home Information for UM Faculty and Staff Mobile Device Security Mobile Device Security Research Scenarios

Mobile Device Security Research Scenarios

Take a look at these scenarios, which are based on real situations that researchers at U-M have encountered. Recommended solutions with links to further information follow each case.

Laptop use and e-mail from a remote location

Research is being conducted in other states by hired contractors. Laptop computers are distributed to contractors, who carry them in their cars to field sites. Information that is personal and private is collected. Once the information is recorded on the laptop, it is then e-mailed back to the University in Ann Arbor. Laptops are often stolen from cars, or even by the people who have been hired to collect the data.

Possible solutions:

For users who are the administrators of their own computers:

• Protect the data through built-in encryption.
• Back up the data in clear text elsewhere.
• Lock up the laptop with a low jack.

For users who have computers that are administrated by an IT professional or department

• Install software that will remotely wipe the data from the laptop.
• Install a tracking device to locate the laptop.

Thumb drive use in a remote location

A PI in a third-world country stores sensitive data on a thumb drive to transport back to Ann Arbor. Local authorities become suspicious of the information and confiscate the device.

Possible solutions:

For users who are the administrators of their own computers:

• Protect the data through built-in encryption
• Back up the data in clear text elsewhere (CD, paper copy).

E-mailing from a cyber-café

A PI has been storing information that is personal and private on a laptop and is getting ready to leave the country. Before leaving, however, the PI wants to e-mail the data back to Ann Arbor as there is a chance that the laptop might be confiscated at customs. The only Internet connection available is a cyber-café.

Possible solutions:

For users who are the administrators of their own computers:

• Email the data via a secure connection.
• Back up the data in clear text elsewhere (CD, paper copy)

For users who have computers that are administrated by an IT professional or department

• Install software that will wipe the data from the laptop.

Thumb drive use with sensitive data

Information that is personal and private is being shared between researchers who are all using different computers and platforms. In order to share data between machines, researchers have been using e-mail to send documents back and forth, but want to start using thumb drives to hold larger amounts of data.

Possible solutions:

For users who are the administrators of their own computers:

• Use a thumb drive that is encryption-enabled and compatible with both Macs and PCs.

Saving sensitive info to a shared drive

Researchers are surveying consumers on their preferences for certain products and collecting this information in an Excel spreadsheet, which is then saved to a shared drive.

Possible solutions

For users who are the administrators of their own computers:

• Refrain from collecting information that is sensitive in nature, or de-identify it if private data (like social security numbers or driver’s license numbers) are not relevant to the project. If it’s not collected and stored, it can’t be stolen.
• If sensitive information is collected, protect the data through built-in encryption.