Mobile computing devices are devices such as tablets, smart phones, USB devices, and laptop computers. The very features that make these devices useful (portability, access connectivity, data storage, processing power, etc.) also make them a security risk to users and to Florida A&M University (FAMU) when those devices contain University data. Major features of mobile devices that create risk to the user, and potentially the University as well, include their small size (they can easily be lost or stolen), weak user authentication mechanisms that can easily be compromised or simply disabled by the user, and their ease of interconnectedness.
This document explains general end-user security measures that can be taken on mobile devices. Taking action to personally ensure computer security helps protect everyone from data and identity theft, viruses, hackers, and other threats. Every member of the FAMU community who uses a mobile computing device can make the Maryland computing environment more secure by following these best practices.
General Security - Your Department’s IT Staff may be able to assist you with the following
- Obtain management approval of mobile devices prior to using the devices to handle and store University data. Management may also require the completion of training on proper device handling and management practices prior to receiving authorization.
- Keep your mobile devices with you at all times or store them in a secured location when not in use. Do not leave your mobile devices unattended in public locations (e.g. airport lounges, meeting rooms, restaurants, etc.).
- Deploy approved hardware encryption software. Ensure that the selected software employs whole disk encryption.
- Mobile devices should be password protected and auto lockout should be enabled. The password should block all access to the device until a valid password is entered. The password used should be as strong a password as your device will support. Learn more about strong passwords at the How to Create a Good Password page.
- If available, enable a “remote wipe” feature. This also includes features that delete data stored on the mobile device if a password is not entered correctly after a specified number of tries.
- Do not circumvent security features or “jailbreak” your mobile device.
- Wipe or securely delete data from your mobile device before you dispose of it.
- Lost or stolen mobile devices should be immediately reported to the police. If your mobile device contained Florida A&M University data, also inform your IT department about the loss or theft of the device. Learn more about security incidents by visiting the Report a Security Incident page.
- Apply computing device security software patches and updates regularly.
- Apply computing device operating system patches and updates regularly.
- Apply computing device application software patches and updates regularly (e.g. word processor software, IM clients, and other programs).
- Install and use anti-virus and anti-spyware software on the computing device, keep software definitions up to date, and run regular scans. We recommend you obtain antivirus software. For anti-spyware we recommend the following free software: Malwarebytes, SUPERAntiSpyware, and Spybot.
- Install and enable a hardware and/or software firewall. Information about firewalls can be found at:
- Configure the computing device so that it runs in least privilege mode (e.g. user) and times out after a 15-minute period of inactivity.
- Activate and utilize a lock feature prior to leaving the computing device unattended.
- Regularly verify that system security measures are enabled on your computing device.
- Never share directories and files without access controls.
- Where possible, data transmissions from mobile devices should be encrypted.
- Wireless access (Bluetooth, Wi-Fi, etc.) to mobile devices should be disabled when not in use to prevent unauthorized access to the device.
- If available, wireless access should be configured to query the user for confirmation before connecting to wireless networks.
  - For example, when Bluetooth is on, select the “check with me before connecting” option to prevent automatic connections with other devices.
- If available, use the VPN Client Software offered by FAMU to connect to campus resources.
- Avoid unencrypted public wireless networks. Such Wi-Fi networks require no authentication or password to log into, so anyone can access them, including the bad guys.
Application and Data Security
- Do not install software from unknown sources, as it may include software harmful to your device. Research the software that you intend to install to make sure that it is legitimate.
- When installing software, review the application permissions. Modern applications may share more information about you than you are comfortable with, including allowing for real-time tracking of your location.
- Be careful when storing your personal data on your mobile device. If you lose the device, you could lose your data.
- Follow the National Institute of Standards and Technology’s recommendations for Mobile Security (http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-124r1.pdf) with respect to Florida A&M University data stored on your mobile device.