Mobile Devices

More and more people are using mobile devices like smart phones and tablets and often don't consider the associated security issues.  Although many mobile devices have the complexity, functionality and processing power of some small computers, they actually lack many of the security controls needed.  The following are a few things you should keep in mind while using your mobile device.

Best Practices:

  • Passwords & PIN- One of your strongest lines of defense is using a password or PIN to access your mobile device.  By using a strong password or PIN you can help protect any personal information as well as any unwanted use of the device if lost or stolen.
  • Setup remote wipe functionality ahead of time.  Most mobile devices support software that can locate and/or erase your information remotely.  For instance, iPhones and iPads come with the “Find My iPhone” feature which is enabled using your Apple ID.  In order to employ remote wiping, you will need to install or configure special software in advance (while you still possess the device).  All operating system platforms are different, so consult your owner’s manual for setup instructions.   
  • Keep mobile device operating system (OS), software and applications up to date.  Just like on your computer, you should always make sure that you are keeping the operating system and all applications current on your mobile devices.  Doing so will help protect your device from unknown threats.
  • Disable or remove features/applications not being used.  If your mobile device has features you are not using, i.e. Bluetooth or wireless, you should disable those features, until you are ready to use them.  The more applications you install the more vulnerabilities you could be adding to your device.  If you are going to download applications, do so only from trustworthy sites. 
  • Be cautious about clicking on links or returning calls and text messages from unsolicited or unknown callers.  If it sounds too good to be true it probably is, so don't respond to unknown emails, text messages or click on any links or attachments from un-trusted sources. Be aware that phishing attacks and malicious websites can still be threats, no matter what type of device is being used.
  • Be aware of viewing and storing sensitive documents and emails on your mobile devices.  If proper security measures are not in place and the device is lost or stolen, sensitive information could get into the hands of others.  In the case of University faculty and staff email, lost or stolen mobile devices can have email wiped remotely.  For more information visit the policy on Mandatory Reporting
  • Lost or stolen device?  Wipe your Exchange account.  If you have your University email account synched with your mobile device you can have the account remote wiped.  Faculty and staff must call the Tech Support at 882-5000.  Students can remote wipe their mobile device by logging into Office 365 Mail.  Visit the KnowledgeBase for detailed instructions. 
  • Protect sensitive information when using wireless such as free Wi-Fi in public places.  Public Wi-Fi spots can be dangerous places, where criminals can gather sensitive and personal information being shared over a wireless connection.  Users should avoid checking bank statements, making purchases or sending other sensitive information over the Internet on public Wi-Fi networks. 
  • Get your device checked after traveling!  If you have been traveling outside the United States and used your mobile device for Internet purposes, you should have your device checked by an IT Professional as well as run your anti-virus software BEFORE connecting it to the University’s network.
  • Understand and comply with University policies that may affect you.

Using a mobile device does not eliminate the same cyber threats that we see with using personal computers, whether its phishing attacks or malicious websites, the cyber threat is still there.  By being aware of these risks and knowing security best practices for mobile devices you can help protect you and your information from being attacked or stolen.

Last updated: February 06, 2015