Skip to end of metadata
Go to start of metadata

Other Hot Topics: Cloud Computing Security | Cloud Data Storage Solutions | Community Based Security Awareness | Copier and Multi-Function Device Security | Full Disk Encryption | Managing Malware | Social Networking Security | Statewide Longitudinal Data Systems

Ten Steps to Secure Your Mobile Device

  1. Configure mobile devices securely.
    1. Enable auto-lock.
    2. Enable password protection and require complex passwords.
    3. Avoid using auto-complete features that remember user names or passwords.
    4. Ensure that browser security settings are configured appropriately.
    5. Enable remote wipe.
    6. Ensure that SSL protection is enabled, if available.
  2. Connect to secure Wi-Fi networks and disable Wi-Fi when not in use.
    1. US-CERT recommends disabling features not currently in use such as Bluetooth, infrared, or Wi-Fi. Additionally, set Bluetooth-enabled devices to non-discoverable to render them invisible to unauthenticated devices.
    2. Avoid joining unknown Wi-Fi networks.
  3. Update mobile devices frequently. Select the automatic update option if available.
    1. US-CERT recommends maintaining up-to-date software, including operating systems and applications.
  4. Utilize anti-virus programs and configure automatic updates if possible.
    1. US-CERT recommends installing anti-virus software as it becomes available and maintaining up-to-date signatures and engines.
  5. Use an encryption solution to keep portable data secure in transit.
    1. Data protection is essential. If confidential data must be accessed or stored using a mobile device, make sure users have installed an encryption solution (e.g., GuardianEdge Smartphone Protection, McAfee Endpoint Encryption, PGP Mobile, Pointsec Mobile Encryption).
    2. Do an assessment - or at least be aware - of the encryption options available for mobile devices. Some devices may offer more mature security solutions than others. For example, Sophos has an article about iPhone vs. BlackBerry: A Mobile Device Comparison which notes that "either device can be used as a secure business tool if it is configured properly and used correctly."
    3. Consider using thin client models so that data is centrally and securely maintained. This is one option to help avoid the issue of storing confidential data on mobile devices. It also means not having to develop new solutions every time a new mobile technology is released.
    4. Educate users that they should avoid using or storing confidential data on a mobile device whenever possible.
  6. Use digital certificates on mobile devices.
    1. Refer to the following university examples below: UT-Austin and University of Virginia.
  7. Take appropriate physical security measures to prevent theft or enable recovery of mobile devices.
    1. For laptops, use cable locks.
    2. Use tracing and tracking software (e.g., Computrace, Lookout, MobileMe, STOP).
    3. Never leave your mobile device unattended.
    4. Report lost or stolen devices immediately.
    5. Remember to back up data on your mobile device on a regular basis.
  8. Use appropriate sanitization and disposal procedures for mobile devices.
    1. Delete all information stored in a device prior to discarding, exchanging, or donating it.
  9. Institutions should develop appropriate policies, procedures, standards, and guidelines for mobile devices.
    1. Refer to the following university examples below: Canisius College, GW, KUMC, Rockhurst University, and University of Tennessee.
  10. Institutions should also educate students, faculty, and staff about mobile device security.
    1. Remind users to be cautious when opening e-mail and text message attachments or clicking on links.
    2. US-CERT recommends that users avoid opening files, clicking links, or calling numbers contained in unsolicited e-mails or text messages.
    3. Be aware of current threats affecting mobile devices.
    4. Know what you're downloading. Make sure you download apps from reputable developers.
Additional Resources for Mobile Device Security

Higher Education Resources

Industry & Other Resources

Questions or comments? Contact us.

Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.

mobile mobile Delete
device device Delete
security security Delete
encryption encryption Delete
laptops laptops Delete
smartphones smartphones Delete
portable portable Delete
educause educause Delete
heisc heisc Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.