Smart Phone Security
With the increasing use of mobile devices comes accompanying risks to data stored on the devices. Following are a number of best practices to help users secure their smart phones.
Best Practices for General Smart Phone Security
- Be aware of the possibility of theft. Smart phones are small and easily misplaced or lost. If an individual steals your smart phone, it may be only a matter of time before even the best secured device is compromised.
- Be aware of the risks of “Social Engineering”. If you are making a phone call that involves sensitive information, for example, a credit card number, be sure that no one can overhear you and use your information fraudulently or to commit identity theft.
- Contact your smart phone provider as soon as your smart phone is lost or you think it’s been hacked. If the smart phone was provided by your department, and there is a risk that University-owned sensitive information may be in danger, contact your Information Security Liaison. If you don’t know who your Information Security Liaison is, contact the Information Technology Response Center (ITRC). Ask that they send a Critical Remedy ticket to the Information Security Office. ITRC phone lines are staffed 24x7x365. At a minimum, if your smart phone is lost or stolen you’ll want to discontinue service immediately before the thief can run up a big bill.
- Password protect your phone. Use a strong password (minimum of 8 characters, with a mixture of numbers, symbols, and upper and lower case letters).
- Turn off Bluetooth, unless you need it. Disabling the Bluetooth service will significantly decrease a hacker’s opportunity to wirelessly hack into your phone.
- Obtain and install anti-virus software, if it’s available for your model, and keep it updated. New malware is created every day, so it’s important to have anti-virus software on your cell phone.
- Don’t accept files and text messages from individuals you do not know.
- Obtain and install encryption software for your cell phone, if available. Encrypting data can help users prevent identity theft and the loss of sensitive information. Encryption can also help institutions meet compliance guidelines for state and federal regulations, as well as mitigate financial risk.
- Press the power button to lock the device whenever it is not in use.
- Verify the location of printers before printing sensitive documents.
- Use a self-service portal to lock and locate lost devices.
- Consider the privacy implications before enabling location-based services and limit usage to trusted applications.
- Manage access to iTunes AppleID, Google and OneDrive accounts, which are tied to sensitive data.
- Keep University-owned sensitive information off of mobile devices.
Additional Information for Specific Models