Adversaries can track the locations of teleworking federal employees through smartphones, fitness trackers, medical technology and countless other Internet of Things devices. Since remote work is here for the foreseeable future, and with devices traveling regularly between home and office, here are tips from the National Security Agency on how to limit location exposure:
1. Store and Use Devices in a Nonsensitive Location
All devices with wireless capabilities, including personal devices, should be left at a place that will not reveal the user’s location. Vehicles with built-in wireless communications should also have the capabilities turned off in unsecured locations.
2. Restrict Use of Public Wi-Fi, Bluetooth and Other Connectivity
Cybercriminals can use unsecured public Wi-Fi hotspots to access sensitive data on devices. If connecting to a public Wi-Fi hotspot, federal employees should use their agency’s VPN. Employees should also disable Bluetooth and near-field communication and turn off discovery mode when devices are in a public location.
3. Turn Off Location Collection in Apps and Ad Trackers
Applications installed on mobile devices may collect and transmit data that reveals a user’s location. Photos may also unwittingly disclose locations; social media apps, for instance, often store revealing metadata in images. Federal employees should be aware of which apps and ad trackers collect data by checking their privacy settings.
4. Minimize Mobile Web Browsing
Many websites use browser fingerprinting to gather location information. If federal employees must use a mobile web browser, it’s important to incorporate secure browsing methods such as only accessing websites that use Hypertext Transfer Protocol Secure. For an additional layer of security, virtual machines can be used to process untrusted data from external sources.