Remember that feeling where your heart skips a beat? Or two? Or many? Where your breath gets caught in your throat? “Époustouflant” as the French say, but not in a good way? The moment when you can’t find your smartphone, even after looking everywhere? The moment on the tram when you recall that you didn’t lock your bike? Or your car? Your apartment? The shock to find your bike… gone? Your car broken into? Your apartment burgled? The moment when days of frustration will start… The emotional stress of talking to the police and the insurance company, recovering any stolen documents, mourning the loss of precious souvenirs, rebuying expensive household items… Many moments in tears.

While the Computer Security Office can’t help you with physical crimes (and hope you will never be subjected to those!), we can prepare you for the digital ones. The moment when your smartphone or laptop gets stolen or lost. With all your data, documents, photos, videos, etc. With information you might deem confidential, sensitive, of importance to you. Putting in place additional measures to make sure that, while your smartphone or laptop might be gone forever, its data is not. And that this data cannot fall into the hands of any person other than you. In fact, there are four simple recommendations that can reduce any emotional and financial impact:

1. Protect your device with a proper password. “Proper”, please!, meaning that four or six digits as a PIN or some very common “swipe” patterns are not sufficient, even if it means that your device might delay log-in after three or more failed attempts. Instead, like with your CERN password, your smartphone and laptop protection should be looooooooooong. The longer the better. In parallel, enable additional theft protections (like “Stolen Device Protection” on your iPhone) as well as the optional wiping feature, which deletes all data if the password is entered wrongly too many times. With any good password, malicious user access is inhibited…
2. …but not impossible, as a thief might still access your device’s memory directly, i.e. like you plug in a USB stick and read any of your data directly. That’s why you should ensure that your laptop is encrypted by “BitLocker” for Windows operating systems, “FileVault” for MacBooks or “LUKS” for the major Linux distributions. With proper hard-disk encryption, your data is unreadable even if its data storage can be accessed physically.
3. Turn the device’s “location” and “remote wiping” features on. They allow you to trace your device all over the world, and to trigger a remote purge of all its data if need be. The only requirement is that your device connect to the internet once more. While thieves might know about these features and will therefore try to avoid any Wi-Fi/internet access to avoid location and wiping, these features are still the very last resort before your device enters nirvana.
4. Have a back-up. Synchronise your smartphone photos with the Apple or Google cloud (at a cost). Take regular snapshots of your laptop’s data, where “regular” means every time there are substantial and to-you-important changes to the stored data. Or, alternatively, synchronise your laptop with a Dropbox-like service. And synchronise your professional/CERN data and documents with CERNBox.cern.ch. Thanks to a recent back-up, at least the emotional loss can be held at bay. And the impact on your work at CERN is minimised.

Actually, CERN’s institutional data should always be stored at CERN. On CERNBox.cern.ch.  Engineering data on EDMS.cern.ch. Software in GitLab.cern.ch. Presentations on indico.cern.ch. Papers and publications on CDS.cern.ch. Emails in CERN’s email service. A local copy might be kept on your laptop, but laptops might disappear. It is less likely that CERN’s central service will disappear.

While the above surely applies to all mobile devices, the CERN IT department also provides, in addition to the CERNBox service for everyone, fail-proof hard-disk encryption and remote wiping capabilities for all newly purchased CERN devices as this is mandatory under CERN’s Computing Rules. In the – hopefully never occurring – event of your CERN laptop or MacBook being lost or stolen, just file a “Declaration of loss or theft” in a ServiceNow ticket, and let IT help you secure your documents and data*. For sure, it is better to remotely wipe a disk than to wipe away tears, don’t you think?

*Actually, the Computer Security Office sometimes even manages to find the lost or stolen device.

________

Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.