Support Page Content
Mobile Device Security
When you think about device security, we often think mainly of computer workstations. It's easy to overlook security practices on our mobile devices, but mobile devices require even more care and attention: they're smaller and easier to misplace or steal; and since we often use them interchangeably for personal and business, tend to carry a wealth of data that needs to be protected.
Campus websites, applications, and mobile development follows the Web & Mobile Development Campus Security Guideline, and in addition, we've compiled the following security recommendations, how to's, and tools/settings you can implement today to ensure that your mobile devices - and the data stored on them - are secure against hackers and other security concerns.
Lock Your Smartphone
If you leave your smartphone unattended for a while – or worse, if it’s lost or stolen – you don’t want to make it easy for someone to go through the contents. Setting your smartphone lock (with a PIN or password required after an inactive period) is the single easiest way to thwart the efforts of would-be thieves from stealing your personal information.
You can usually lock your smartphone by using a screensaver or tweaking the security settings, but setup can vary by device. Here are a few examples:
- Android: Settings > Location & Security > Set up Screen Lock. The timeout delay is configured separately, under Settings > Display.
Android also offers a connect-the-dots swipe pattern you can use in lieu of a PIN or password, but it might leave telltale smudges on your screen a would-be hacker could replicate. - iPhone: Settings > General > Passcode Lock
Can't find how to do this on your device? Visit your device manufacturer's website for support.
Secure Your Mobile Device: Best Practices
Our thanks to Educause for developing these recommendations and steps you can take to protect your mobile devices against hacking and other security issues.
Configure mobile devices securely
- Auto-lock your smartphone when it's not in use.
- Enable password protection and require complex passwords.
- Don't use auto-complete features that remember user names or passwords.
- Ensure that browser security settings are configured appropriately.
- Enable remote wipe.
- Ensure SSL protection is enabled, if available.
Physical security measures to prevent theft/enable recovery of mobile devices.
- For laptops, use cable locks.
- Install and use tracing or tracking software to help locate lost or stolen devices.
- Never leave your mobile device unattended.
- Report lost or stolen devices immediately.
- Back up data on your mobile device on a regular basis.
Only use secure Wi-Fi networks and disable Wi-Fi when not in use.
- Don't join unknown Wi-Fi networks when in public (use Global Protect VPN for extra security), and stick to official, Wi-Fi networks like eduroam when on campus.
- US-CERT recommends disabling features not currently in use such as Bluetooth, infrared, or Wi-Fi.
- Set Bluetooth-enabled devices to non-discoverable to render them invisible to unauthenticated devices.
Update mobile devices frequently. Select the automatic update option if available.
- US-CERT recommends maintaining up-to-date software, including operating systems and applications. Up-to-date patching is a prerequisite for connecting to the Sac State wireless network.
Utilize anti-virus programs and configure automatic updates if possible.
- US-CERT recommends installing anti-virus software as it becomes available and maintaining up-to-date signatures and engines. Approved anti-virus is a prerequisite for connecting the Sac State wireless network.
- If confidential data must be accessed or stored using a mobile device, make sure you first install an encryption solution. Important: Confidential (Level 1) Sac State data may not be stored on a mobile device.
-
Do an assessment — or at least be aware — of the encryption options available for mobile devices. Some devices may offer more mature security solutions than others.
Use an encryption solution to keep portable data secure in transit.
- Data protection is essential. If confidential data must be accessed or stored using a mobile device, make sure you first install an encryption solution. Important: Confidential (Level 1) Sac State data may not be stored on a mobile device.
- Do an assessment — or at least be aware — of the encryption options available for mobile devices. Some devices may offer more mature security solutions than others.
Use appropriate data removal and disposal procedures for mobile devices.
- Be sure to securely delete all information stored on a device prior to discarding, exchanging, or donating it.
How Sac State Supports Mobile Security
In addition to tools such as multi-factor authentication through Duo and Global Protect VPN to support secure access on University-managed devices, Sac State is also committed to offering/recommending security tools and resources, as well as providing ongoing education to help protect your personal devices:
Institutions should develop appropriate policies, procedures, standards, and guidelines for mobile devices.
-
Refer to the Sac State Information Security Policy.
Institutions should also educate students, faculty, and staff about mobile device security.
Best practices include:
- Be cautious when opening e-mail and text message attachments, or clicking on links.
- Do not open files, click links, or call numbers in unsolicited e-mails or text messages. Learn more about phishing.
- Think before downloading - and only download apps from reputable developers.
- Read and follow instructions in campus SacSend messages or system notices on My Sac State when there are current threats affecting mobile devices.
Remote Tracking for Your Mobile Device
In addition to auto-locking your device to ensure your data can't be accessed if stolen or lost, it's a smart idea to make use of your device's built-in or bundled GPS capabilities. GPS auto-tracking can locate your device by using your IP address, and can be a lifesaver for finding a misplaced or lost device.
iOS: Find My iPhone
This free app has all the key features, including geolocation, remote alarm and remote wipe. Before you can use Find My iPhone, you need to enable it on each of your iOS devices and Mac computers and use the same iCloud account credentials. Find My iPhone requires iOS 5 or later (iOS 6 is required for Lost Mode), or OS X v10.7.2 or later.
Android, Linux, OSX, Windows + iOS: Prey
Prey works across phones, laptops, tablets and computers. An open source product, its features include geolocation, snap-shots, screenshots and remote hide/wipe. They offer both free and premium versions.