How can I protect data on my mobile device?
Like desktop computers, mobile devices (e.g., smartphones, tablets, laptops, and notebook computers) are frequently used to access and store both personal and institutional information. However, because of their portability, mobile devices are more susceptible than desktop systems to loss and theft. Following are safeguards you can use to reduce the risk of someone accessing personal and institutional data when your mobile device is lost or stolen.
At Indiana University, any faculty or staff member, affiliate, or student-employee who uses a mobile device to access, store, or manipulate institutional data must:
- Apply appropriate safeguards to the device to mitigate the risk of information exposure due to loss or theft.
- Report any device that is lost, stolen, or otherwise compromised
- Wipe (i.e., erase) all data stored on any device before transferring ownership (e.g., by sale or trade-in).
For details, including specific safeguards required for mobile devices, see Mobile Device Security Standard (IT-12.1).
On this page:
- Keeping your device physically secure
- Using data encryption on laptops and notebook computers
- Enabling security features on smartphones and tablets
Keeping your device physically secure
The most effective method of protecting the data on your mobile device is to protect the device itself:
- Either keep your device with you at all times or leave it in a secure physical location. This can prevent not only malicious access to your data, but inadvertent or accidental loss or damage of your data (e.g., when a child finds your device and attempts to use it).
- Keep records of your device's identifying information, such as its MAC address, serial number (or BlackBerry PIN), and the date and place of purchase. This information can help authorities track or identify a lost or stolen device.
For additional safeguards against data loss and theft, see:
Using data encryption on laptops and notebook computers
Using a whole-disk encryption program is the best safeguard against unauthorized access of data on your laptop or notebook computer. Such applications use strong encryption methods that protect your device's hard drive while allowing you easy access to your data. For more about using encryption to protect the data on your laptop or notebook computer, see:
- Encrypting your Windows computer with PGP Whole Disk Encryption
- Encrypting your Mac OS X computer with PGP (OS X 10.6)
- Encrypting your Mac OS X computer with FileVault 2 (OS X 10.7 or later)
- At IU, how can I verify that my computer's whole-disk encryption is enabled?
Enabling security features on smartphones and tablets
UITS recommends the following mobile operating systems for smartphones and tablets; see the corresponding documents for information about configuring security and encryption settings:
Operating system Instructions iOS 4.0+ How can I secure my iPhone, iPad, or iPod touch? BlackBerry 10 How can I secure my BlackBerry 10 device? Android 2.3+ (must be upgradable to 4.0) How can I secure my Android OS device? Windows Phone 7+/Windows Mobile 6.5+ How can I secure my Windows Phone or Windows Mobile device?
Specific security features vary between devices and operating systems. Use whichever features your device offers that provide the best security for your needs:
- Password, passcode, or PIN: Setting a password, passcode, or PIN to access your device is generally simple and effective. Use a code that is four digits or longer, and keep it secret, like you do for your email password or passphrase. See About your IU passphrase or At IU, how can I choose a secure PIN?
- Unlock pattern: Some handheld devices let you set unlock patterns that function like PINs. Use a pattern with some complexity (e.g., with at least five points), keep it secret, and protect it from observers. Additionally, be aware that smudges on the face of your device may reveal your pattern to unauthorized users.
- Device lockout: Most handheld devices provide a lockout option that locks the device if someone makes several consecutive unsuccessful attempts to enter the password, PIN, or pattern. Using the lockout option can thwart a brute-force attempt to guess your password, PIN, or pattern. Setting the lockout limit to 10 attempts is usually sufficient.
- Auto-wipe: Auto-wipe is similar to the lockout option, but more secure. After several consecutive unsuccessful password, pattern, or PIN attempts, the device will automatically erase (i.e., wipe) all stored data and reset itself to the factory defaults.
Note:When you use the auto-wipe option, make sure to back up your data regularly (e.g., to a desktop computer or a cloud storage service). Consult your device's documentation for instructions on backing up data.
- Encryption: Certain handheld devices are capable of employing data encryption. Consult your device's documentation or online support resources for information about available encryption options. (For Surface tablets, see How can I encrypt my Windows Surface tablet using BitLocker?)
Important:The IU Mobile Device Security Standard (IT-12.1) requires the use of data encryption on handheld devices used to access, store, or manipulate critical information at IU. Such use also requires "written approval from the senior executive of the unit involved or the Institutional Review Board confirming a critical business need".
The following common features are frequently useful, but can also create security risks. You may want to consider disabling them:
- Bluetooth: Consider disabling Bluetooth connectivity on your device unless you need it. Hackers and data thieves can use Bluetooth connections to "eavesdrop" on your device and access your sensitive data.
- GPS: Consider disabling Global Positioning System (GPS) and other location services unless you need them. Your physical location (or the locations of your device) is a piece of sensitive data that you may not want stored or broadcast. Conversely, if your device is GPS-enabled, some apps and services (e.g., Find My iPhone) can help locate your device if it is lost or stolen.
This is document bcnh in the Knowledge Base.
Last modified on 2016-08-09 09:54:46.
- Fill out this form to submit your issue to the UITS Support Center.
- Please note that you must be affiliated with Indiana University to receive support.
- All fields are required.