Purpose

Mobile Device Security Guidelines are intended to assist members of the university community in complying with IUP computing policies when using a mobile device (laptop and netbook computers, tablet devices, smartphones, etc.). In no case do these guidelines take precedence over applicable policies.

Scope

The guidelines are applicable to any university-owned mobile device and any other mobile device used to access information requiring a university-provided username or password. Examples of this access include, but are not limited to: IUP email; information systems like Banner, MyIUP, SAP, and Employee Self-Service (ESS); secured internal websites; distance learning tools like Moodle or D2L; or any document accessed via a secured network drive.

Guidelines
  1. Prior to purchase of a mobile device, review IUP policies and information specifically related to mobile devices.
    1. Review policies at IT Support Center Policies, specifically:
      1. Acceptable Use of Information Technology Resources
      2. Information Protection
    2. Review Personal Mobile Devices for instructions and tips on configuring particular devices.
  2. Password-Protect Device and Use Encryption
    1. Password-protect the device, as this will be critical should the device become either lost or stolen.
    2. Avoid using unencrypted usernames and passwords when accessing networks, applications, or files.
  3. Avoid Using Device to Store Sensitive or Confidential Information
    1. Avoid storing sensitive or confidential information on the device whenever possible, and encrypt the information when it must be stored on the device.
  4. Limit Risk of Theft
    1. Avoid leaving the device in public places, visible in a parked car, or checked with luggage during flight.
  5. Use Antivirus and Related Tools/Update Device Frequently
    1. Follow IUP's safe computing standards found at Viruses and Spam.
    2. In particular, use antivirus/anti-malware tools as prescribed.
    3. Ensure that all software on the device is updated frequently, as updates often address security concerns.
  6. Enable Only Required Applications or Services
    1. Restrict the "apps," services, etc. on the device only to those needed. Disable or remove all others. This action will reduce the exposure of the device to viruses and malware. It may also enhance the performance of the device while also extending battery life.
    2. Review security settings on required applications, and set to be as strict as practical.
  7. Report Lost or Stolen Devices
    1. Report lost or stolen devices within the scope of these guidelines to the University Police and to the IT Support Center immediately.
    2. Record the device's serial number to assist in recovery efforts.
  8. Back-up Device
    1. In the event that sensitive or confidential information must be stored on the device, back up the device regularly. This is important if the device is lost, stolen, or damaged.
  9. Keep Power to the Device
    1. There is risk when a mobile device loses power that information could be lost, so it is important to keep the battery charged.
  10. Dispose of the Device Properly
    1. Make certain all sensitive or confidential information is removed from the device when it is no longer going to be used (i.e., is replaced by a more modern device).
  11. Review Additional/Alternative Steps Advocated by Educause and Internet2
    1. Review theEducause/Internet2 Mobile Device Securitywebsite.
Document History
Date Description
October 2011 Initial document published