Mobile Device Support - 10 Steps to Secure Your Mobile Device

Ten steps to help secure your device

1. Configure mobile devices securely.
   1. Enable auto-lock, with an unlock password
   2. Enable password protection and require complex passwords
   3. Avoid using auto-complete features that remember user names or passwords
   4. Ensure that browser security settings are configured appropriately
   5. Enable remote wipe
   6. Ensure that SSL protection is enabled, if available
   7. Do not "root" or "Jail break" your phone. These actions by definition break security inherent in the devices.
2. Connect to secure Wi-Fi networks and disable Wi-Fi when not in use.
   1. US-CERT recommends disabling features not currently in use such as Bluetooth, infrared, or Wi-Fi. Additionally, set Bluetooth-enabled devices to non-discoverable to render them invisible to unauthenticated devices
   2. Avoid using unsecured applications over free WiFi
   3. Avoid joining unknown Wi-Fi networks
   4. Disable auto-join for known networks
3. Update mobile devices frequently.
   1. Maintaining up-to-date software, including operating systems and applications.
   2. Select the automatic update option if available
4. Utilize anti-virus programs and configure automatic updates if possible.
   1. Install anti-virus software as it becomes available and maintain up-to-date signatures and engines.
   2. Symantec QR Code reader will enable your phone to scan QR codes for links to known malicious sites or scripts.
5. Use an encryption solution to keep portable data secure in transit.
   1. Data protection is essential. If confidential data must be accessed or stored using a mobile device, make sure users have installed an encryption solution (e.g., GuardianEdge Smartphone Protection, McAfee Endpoint Encryption, PGP Mobile, Pointsec Mobile Encryption).
   2. Do an assessment - or at least be aware - of the encryption options available for mobile devices. Some devices may offer more mature security solutions than others.
   3. Consider using thin client models so that data is centrally and securely maintained. This is one option to help avoid the issue of storing confidential data on mobile devices. It also means not having to develop new solutions every time a new mobile technology is released.
   4. Educate users that they should avoid using or storing confidential data on a mobile device whenever possible.
6. Know who you are talking to.
   1. Utilize digital certificates where possible for identity verification.
   2. Be cautious when opening e-mail and text message attachments or clicking on links.
7. Take appropriate physical security measures to prevent theft or enable recovery of mobile devices.
   1. For laptops, use cable locks
   2. Use tracing and tracking software (e.g., LoJack, Computrace, Lookout, MobileMe, STOP, Find my Phone).
   3. Never leave your mobile device unattended
   4. Report lost or stolen devices immediately to local authorities
   5. Remember to back up data on your mobile device on a regular basis
8. Use appropriate sanitization and disposal procedures for mobile devices; Delete all information stored in a device prior to discarding, exchanging, or donating it.
9. Register the device with Campus DHCP. The' Network Registration System allows you to register your mobile device under your name and MSUNet ID, which is helpful to identify your device is lost or stolen, then reused on campus.
10. Units should also educate students, faculty, and staff about mobile device security.
    • US-CERT recommends that users avoid opening files, clicking links, or calling numbers contained in unsolicited e-mails or text messages.
    • Be aware of current threats affecting mobile devices.
    • Know what you're downloading. Make sure you download apps from reputable developers.