Mobile Device Security

Printer-friendly versionSend to friendPDF version

Ten Steps to Securing Your Mobile Device

Much of the following information was put together by Educause, and we're reproducing it here, along with some HSU-specific information, to give you an easy-to-follow list of do's and don'ts to keep your mobile devices protected against hacking and other security issues.

You can also download our handy guide Prepare Your Mobile D2 page brochure tips for securing mobile devicesevices to Prevent Loss. This pocket-sized guide explains the use of GPS tracking software to recover lost devices, as well as how to protect your accounts and prevent device theft.

1. Configure mobile devices securely

  • Follow these instructions to auto-lock your smartphone when it's not in use.
  • Enable password protection and require complex passwords.
  • Don't use auto-complete features that remember user names or passwords.
  • Ensure that browser security settings are configured appropriately.
  • Enable remote wipe.
  • Ensure SSL protection is enabled, if available.

2. Take appropriate physical security measures to prevent theft and enable recovery of mobile devices.

  • For laptops, use cable locks.
  • Install and use tracing or tracking software to help locate lost or stolen devices.
  • Never leave your mobile device unattended.
  • Report lost or stolen devices immediately.
  • Back up data on your mobile device on a regular basis.

3. Only use secure Wi-Fi networks and disable Wi-Fi when not in use.

  • US-CERT recommends disabling features not currently in use such as Bluetooth, infrared, or Wi-Fi. Additionally, set Bluetooth-enabled devices to non-discoverable to render them invisible to unauthenticated devices.
  • Don't join unknown Wi-Fi networks.

4. Update mobile devices frequently. Select the automatic update option if available.

  • US-CERT recommends maintaining up-to-date software, including operating systems and applications. Up-to-date patching is a prerequisite for connecting to HSU's wireless network.

5. Utilize anti-virus programs and configure automatic updates if possible.

  • US-CERT recommends installing anti-virus software as it becomes available and maintaining up-to-date signatures and engines. Approved anti-virus is a prerequisite for connecting to HSU's wireless network.5. Use an encryption solution to keep portable data secure in transit.
  • Data protection is essential. If confidential data must be accessed or stored using a mobile device, make sure you first install an encryption solution. Note that confidential HSU data may not be stored on a mobile device.
  • Do an assessment - or at least be aware - of the encryption options available for mobile devices. Some devices may offer more mature security solutions than others.

6. Use an encryption solution to keep portable data secure in transit.

  • Data protection is essential. If confidential data must be accessed or stored using a mobile device, make sure you first install an encryption solution. Note that confidential HSU data may not be stored on a mobile device.
  • Do an assessment - or at least be aware - of the encryption options available for mobile devices. Some devices may offer more mature security solutions than others.

7. Use digital certificates on mobile devices.

  • You'll find links to device-specific information on using digital certificates with the HSU secure wireless network here.

8. Use appropriate data removal and disposal procedures for mobile devices.

  • Be sure to securely delete all information stored on a device prior to discarding, exchanging, or donating it.

In addition, HSU commits to the following support for mobile device security:

9. Institutions should develop appropriate policies, procedures, standards, and guidelines for mobile devices.

10. Institutions should also educate students, faculty, and staff about mobile device security. 

  • Advise users to be cautious when opening e-mail and text message attachments or clicking on links.
  • Advise users not to open files, click links, or call numbers in unsolicited e-mails or text messages.
  • Provide information about current threats affecting mobile devices.
  • Educate users on the need to know what they're downloading and to only download apps from reputable developers.

Related Topics

Tools & Resources, Security
feedback