ITS

Information Technology Services
Information Technology Services

Best Practices

Mobile Device Security

phone iconNow more than ever, tablets and smartphones are allowing users to access data from just about anywhere. We use our mobile devices to stay in touch, take pictures, shop, bank, listen to music, connect through social media and work flexibly away from the office. Whether used personally or professionally, these devices often contain sensitive or confidential data. Many of the attacks previously seen through PCs are now being targeted at mobile device users. Keep your phone secure by following these guidelines. 

  1. Use a password or PIN to lock your device and protect your data from being accessed by others. Enable the feature that will erase the phone if someone tries to guess the PIN too many times. Turn on the service or download an app that helps you find your phone if it is lost or stolen.  These apps allow you to remotely locate your phone, lock it, and/or erase your data.
    • Note: If the phone has been stolen, do not attempt to retrieve it yourself.
  2. Install updates to your system and/or applications; they often fix reported bugs or security vulnerabilities, not just functionality.
  3. Make sure the auto-lock feature is enabled so that your device is locked when not in use. Usually this is automatic when you set a password or PIN, but you can sometimes control the amount of time before it locks automatically in your device's settings.
  4. If you have confidential data on your device, know how it can be remotely wiped if the device is lost or stolen. It is best to consult your device manufacturer for instructions on how to do this. We cannot confirm that every device or model has this feature, but most of them should. 
    • Note:  If you are checking your Queen's email on your device, you can Wipe Your Device through Office 365.
  5. Make sure to do your research before downloading an app to make sure it is safe. iPhone apps go through a strict review process to get into the iPhone App Store, but Android applications do not have the same procedures, and can also be released outside of the Google Play Store, such as a through a link on a website or through email.
  6. Phones are most susceptible to malware known as a Trojan horse. This malware hides in a seemingly harmless app, like a game or special keyboard, but they can contain hidden code designed to exploit or damage the system.
  7. Don't "jailbreak" your phone.  Most phones will run only software that their operating system trusts. Jailbreaking (or unlocking) a phone enables it to run untrusted software, which is much more likely to carry a harmful virus.
    • If you have an iPhone, do not jailbreak it especially if it is a work phone. If you have jailbroken your iPhone, third party apps can be installed, and security is no longer reliable.
  8. Only install applications from trusted sources. Research the app before downloading to make sure it has good reviews. Although some apps may not intentionally be malicious or contain malware, app security is not standardized in the same way that professional software is; anyone can create and distribute apps.
  9. Use a secured internet access connection whenever possible. Avoid using open Wi-Fi connections for performing secure operations (such as signing into email, Facebook, etc.). When on campus, use the QueensuSecure_WPA2 wireless network instead of the unsecured queensu wireless network. You should be able to set your device to remember your username and password for this network so you don't have to sign in every time.
  10. When shopping online or performing online banking with your mobile device, check to ensure the site is security enabled. Look for web addresses with "https://", a lock symbol and green text or highlighting in the address bar. "Http://" sites are not secure.
  11. Turn off Bluetooth unless you are actually using it. Do not accept files over Bluetooth unless you know what it is and who it is from. If you don't know the origin, it could be a virus. Viruses can spread via Bluetooth without the owner of a device knowing.
  12. Always keep a backup of your mobile device on your computer, and try not to keep information of a sensitive nature on your device.
  13. Always check the permissions an app is requesting before you grant access to information on your device. If the permissions it is asking for don't make sense, or if it is asking for more control than you are comfortable giving, consider not downloading that particular app.
  14. Use common sense while browsing the internet. Do not navigate to suspicious links on your device's web browser.
  15. Only give your mobile phone number to people you trust and know. Likewise, be respectful of other people's information and don't share their phone numbers without their knowledge and/or permission.
  16. When using your mobile device to take photos on campus, it is best practice to ask permission of others before taking a photo or video of them, especially if posting the photo to social media.