Mobile Device Security Best Practices
Your tablet, smart phone, or e-reader is easy to use around campus because it is portable. However, it also carries a risk of being lost, stolen or misplaced. In addition, such devices may have weak authentication mechanisms that can be compromised or easily disabled. The risk to you and The University of Chicago is even greater if the device can access and store confidential data, or what the University has defined as sensitive data.
In order to help mitigate the risk, we provide guidance on actions you should take to protect your own data and that of others.
- Password protect your device and enable auto-lock. Choose the strongest password that your device can support.
- Consider using an image that provides a contact point should someone find your device and wish to return it. For example, the “If Found Lock Screen” for Apple products.
- Enable a remote wipe feature, if available. This may include features that will delete stored data on your mobile device if a password is entered incorrectly after a certain number of times. Check with your mobile device provider for specific information concerning your device. Users of an iPhone or iPad, who are running Microsoft Exchange, can wipe an entire device when removing their xMail data remotely. Blackberries have to be using ITS xMail services and use Blackberry Enterprise Services (BES) for syncing. To request a data wipe, email IT Services or call 773-702-5800. Some devices may be listed, but their support varies by official phone vendor. Jailbroken, rooted, non-manufacturer ROM-based devices may not respond to the wipe command.
- Follow standard security protocols, such as making sure all operating system and application updates and patches are installed.
- Report lost, stolen, or misplaced mobile devices to the police immediately. If your mobile device contained UChicago sensitive data email IT Security or call 773-702-2378 immediately. For technical assistance email the ITS Service Desk or call 773-702-5800.
- Disable wireless access, such as Bluetooth or Wi-Fi, etc., when not in use to prevent unauthorized wireless access to the device.