Written By: Security.org Team | Updated: December 20, 2022

Many folks put sensitive data on their computers, cellphones and other devices. In fact, someone browsing through one of your devices might quickly find your bank account numbers, email passwords and your child’s Social Security number. This type of vulnerability is a tradeoff you may make for convenience, but there are ways to minimize the risks you open yourself up to.

Of course, your device doesn’t have to be borrowed, lost or stolen for sensitive data to be accessed. Hackers, whether they live down the street or on the other side of the world, know their stuff. They are continually learning and adapting. The good news is that you, too, have the ability to refine your data storage techniques and to keep the sensitive aspects of your life private from hackers.

Expert Quotes on Securely Storing Sensitive Data on Computers and Portable Devices

Expert testimonies on securing sensitive data on computers and portable devices
Image multiple of devices

What Devices Might You Need to Consider?

You may be surprised at all the different devices your sensitive data might be on. There are personal computers such as desktops, and portability brings more players into the picture. Consider devices such as the following:

  • Icon of smartphone

    Personal smartphones

  • Icon of work phone

    Work smartphones

  • Icon of tablet

    Tablets

  • Icon of thumb drive

    Thumb drives/flash drives

  • Icon of a video game system

    Videogame systems

  • Icon of a laptop

    Laptop and notebook computers

It’s not uncommon for a household to have all of the above devices.

Image representing data

What Are the Types of Data You Need to Protect?

In general, “sensitive data” means personal, legal, financial and medical information, especially if it can identify you or your family members. Examples include:

  • Image of a social security card

    Social Security numbers

  • Image of driver's license

    Driver’s license numbers

  • Image of a bank

    Bank account numbers

  • Image of a computer window

    Email passwords

  • Image of a person talking

    Proprietary information from your business or employer

  • Image of a credit card

    Cardholder numbers

  • Image of a signature

    Digital signatures

  • Image of a document

    You or your parents’ previous legal names before marriage or a name change

This information could be spread across many cellphone apps without you realizing it. For example, maybe your photo album has a picture of your driver’s license and store loyalty card, your messenger app has a conversation between you and your spouse about a loan application, and the conversation includes both of your SSNs, your Notes app lists various passwords and bank account numbers, and your email app enables access to messages that contain a wealth of additional sensitive information.

Image a secured devices

Computer and Portable Device Security Basics

To keep your computers and portable devices as secure as possible, take the following steps:

  • Icon of a computer

    Limit device access with passwords / passcodes / passphrases, fingerprints and/or facial recognition programs.

  • Icon of an encrypted input field

    Use strong, unique passwords.

  • Icon of a several people

    Know who all is using your devices and have appropriate protocols for each user.

  • Icon of a download symbol

    Download mobile apps only from the approved store, and research each app first.

  • Icon of a secured input field

    Use unique passwords for each app that has or uses sensitive data (Android options and iPhone options)

  • Icon of a secured window on a computer

    Use an erase data feature to erase data after a certain number of failed password or passcode attempts.

  • Icon of a hard drive

    Install apps for remote data wiping if you lose your phone or it gets stolen.

  • Icon of a thumb drive

    Save much of your data on flash drives, external hard drives or other removable media.

  • Icon of a secured laptop

    Use Kensington lock ports for your laptop when you’re in public (just don’t forget the passcode for the lock!)

  • Icon of a computer webcam session

    Cover your computer, phone and tablet webcams with shades.

  • Icon of a cellphone

    Use your cellphone’s data plan instead of public Wi-Fi when possible

  • Icon of a VPN network

    Use VPNs to send and receive data securely

  • Icon of a laptop and filters

    Install screen filters that prevent many instances of shoulder surfing (and that reduce blue light).

  • Icon of a files and flame

    Use firewalls, anti-virus software and the like.

  • Icon of a secured gear

    Restrict your Wi-Fi settings to protect your data when you’re in public.

  • Icon of a device connected to the internet

    Disconnect your devices from the internet whenever you’re offline.

  • Icon of a data rack

    Back your data up regularly and frequently.

  • Icon of a anti location tracking

    Turn off location tracking when feasible.

Image of secured devices

Passwords, Passcodes and Biometric Identifiers

Some devices may go past passwords or passcodes, giving you the option of using fingerprints or facial recognition. Similarly, you might be able to draw a pattern to unlock your cellphone rather than key in a numeric code. Whatever you do, the first rule of securely storing sensitive data is to use SOMETHING.

To be sure, these security measures can get inconvenient and cumbersome fast, especially if you constantly use your phone. The solution tends to come down to a risk assessment. For example, if you’re merely hanging out at home with your family or people you trust, it may be fine to temporarily suspend passcodes or fingerprint recognition. Just remember to restore your security measures when you go out.

Experiment with the different security measures that your devices offer. For instance, you may find that you actually don’t mind Touch ID on your iPhone. The newer your devices are, the smoother and faster their authentication processes may be.

That said, passwords and passcodes do have their place on virtually any device, and it’s critical that these character strings be strong. Did you know that there’s a tool called GrayKey that can crack passcodes? If your passcode is four digits, the process might take a mere 13 minutes. With six digits, the time to crack can increase considerably to about 22 hours.

Still, six-digit passcodes are relatively weak. You want eight-digit codes or, even better, 10-digit codes. You may need to root around in your passcode settings for a bit to find the options for longer or custom passcodes, but many devices have them.

Not ideal: A passcode using dates relevant to your life that anyone could dig up. If your birthday, loved one’s birthday, wedding date or date of graduation is right there on social media, then cracking your passcode may not require rocket science. Ditto with passcodes such as, “7777777777” or “1234567890.”

Unfortunately, no matter how good or random a numeric passcode is, they are much easier to break than alphanumeric passcodes, which bring more possible characters into play. Whenever possible, opt for alphanumeric passcodes and passwords rather than those that are strictly numeric.

What makes for a strong password or passcode?

  • Checkmark

    It’s long, at least eight characters (even longer is better).

  • Checkmark

    It’s unique, something you never used before and that isn’t used on other devices or for other accounts.

  • Checkmark

    It combines numbers, symbols and uppercase and lowercase letters.

  • Checkmark

    It doesn’t include personal information such as a pet’s name or your house number.

Of course, remembering 10 different long passwords is no easy feat. Many experts recommend this strategy: Come up with a sentence relevant to you and that includes a mix of keyboard characters. For instance, you might think, “I would love to have 4 pets: A dog, cat, rabbit and snake!” Taking the first initial from each and including characters, you now have, “Iwlth4p:Adcras!” You can even add the commas if you want.

Important: Use strong passwords and passcodes to secure your devices AND to secure each of your accounts such as your bank account and email account.

Many devices give you the option to have all of the data on a device be erased after X number of failed passcode attempts (10, for example). After you have the hang of a new passcode and it’s secure in your memory, it’s a good idea to turn on this option.

Also, you may wonder if you should use a password manager. If your other option is reusing passwords or creating weak, easy-to-guess passwords, then yes! It’s important to have an extremely strong master password because it controls access to your other passwords.

Image representing encryption and security

Full Disk Encryption or Full Device Encryption

Encryption is another piece of the data storage puzzle. If you have an Android phone, try these steps. For an iPad or iPhone, simply setting a passcode encrypts much of your data, including email messages and attachments. You can also encrypt data on devices such as thumb drives and SD cards.

You may have to do a little research for each device you want to encrypt, but it’s time well-spent.

Image of a thumb drive

Removable Data Storage

One strategy for securely storing sensitive data is to keep most or all of it on removable devices such as flash drives. That way, if a laptop gets lost/stolen, there’s very little data on the computer itself that could compromise your life.

Pros of using removable media include the following:

  • Icon of pro check mark

    Can be password protected and encrypted

  • Icon of pro check mark

    Affordable

  • Icon of pro check mark

    Easy to use

  • Icon of pro check mark

    Internet connection not necessary (the drive isn’t vulnerable to online hacking in the way an internet-connected computer might be)

  • Icon of pro check mark

    Can be prompted to lock down, destroy data or reformat itself after a certain number of failed password attempts

Cons include:

  • Icon of a con x mark

    Can be lost or stolen, especially if not stored

  • Icon of a con x mark

    Vulnerable to destruction (fire, water, etc.)

  • Icon of a con x mark

    May have a limited life span

  • Icon of a con x mark

    Some malware risk exists if removable media are inserted into a malware-infected computer

It’s possible to minimize the risk of those disadvantages. For instance, with malware, you should insert your flash drives only into trusted devices. To safeguard against loss, theft or destruction, you may want to keep flash drives on lanyards and key rings or inside closed or locked compartments.

As for the limited life span, don’t treat any single flash drive or removable media option as a long-term, primary data storage device. For instance, you could keep a written record of your passwords and other data in a locked safe.

Image of a computer and the cloud

The Cloud

“The cloud” adds another potential layer of complexity to data storage. It can help in disaster recovery (like if a fire destroys your flash drive). So, the cloud can be viable alternative to options such as flash drive storage.

Secure cloud storage starts with having an excellent password, but that data can still be vulnerable to viruses, password hacks and cloud services’ varying security practices.

In other words, cloud computing can be a convenient, even smart, option for data storage. It may keep sensitive data off your computers and portable devices, but you should still take regular security measures to minimize risks. For example, if your cloud service offers data encryption, don’t rely on that alone to protect your data. Still encrypt data on your own before uploading it to the cloud.

Also—never store your encryption keys in the cloud.

Image of device backup

Regular and Frequent Data Backups

Chances are that your sensitive data changes from time to time. For instance, you may update a password or open a new bank account. By backing up your data regularly and frequently to removable storage or to the cloud, you can still access your data if a device is stolen. Having that up-to-date information also lets you know at a glance what data the thief might have access to. You can focus on changing those areas first.

Image representing a firewall

Firewalls

Hackers may try to break into your computer or portable devices from afar. A firewall is a key mechanism in blocking their efforts. Firewalls are also critically important if you’re out and about or traveling.

If you don’t use firewalls yet, install them as soon as possible.

Image of a laptop and an anti bug icon

Anti-Virus, Anti-Malware and Anti-Spyware Protection

Your computers, both desktop and portable, benefit from having anti-virus software. Some software packages also offer anti-malware and anti-spyware protection.

If you have an Android phone, the programs listed here may help. If you own an iPhone, you don’t need antivirus software.

Image of a WiFi device

Wi-Fi Settings

Your portable devices may be enabled to automatically connect to Wi-Fi networks when you’re out and about. In other words, you could be driving by a coffee shop and get connected to its public network while idling at a red light. That one or two minutes could give hackers the opportunity to grab sensitive data on your phone.

So, turn off automatic connections or require your device to ask permission before joining a network.

As for your home Wi-Fi network, definitely secure it. Many folks don’t bother to password protect their networks, and that opens up their computers, cellphones and other devices to data theft.

Depending on your router, you may be able to see the devices connected to your network. Change the network password anytime something suspicious happens, and keep your equipment and software up to date. Use the best encryption protocols available.

What about when you have guests? You may be able to set up a guest network or home hotspot. However, if you give guests password access to your network, the password definitely should not be one you use elsewhere.

Image of a phone running an app

Caution with Mobile Apps

Mobile apps can be great! For example, you get to play Pokemon Go, check Facebook, see your bank balance and turn your phone into a flashlight when it’s dark outside. However, many mobile apps don’t protect your data well. There can be malware and a lack of encryption, for example.

To keep your data safe, take steps such as asking yourself whether an app really needs to know X and Y things. For example, does a flashlight app really need to access your Facebook account? Before you install any apps, research them and find them yourself in the app store as opposed to blindly following an app link from a website. Just as important, constantly update your apps to ensure you have the latest security patches.

Also, avoid jailbreaking your phone. Modifying your device in this way leaves the software more vulnerable to data theft.

Now for the bright side of mobile apps: Apps such as NordVPN can encrypt your phone internet traffic, and Signal Private Messenger can protect your private conversations.

Conclusion

Whew! There’s a lot to process when it comes to secure data storage on your devices. This probably goes without saying, but if you can avoid having sensitive data stored in the first place, do so. For instance, don’t hold texting conversations in which you list Social Security numbers, passwords or bank account numbers.

In general, though, using strong passwords, encryption tools and pre-approved mobile apps can get you started on the path to good data storage on your devices. Back up your data regularly too.

Additional Resources