Mobile devices, including smartphones, tablets, PDAs, and other similar devices are often significant risks due to their portability and broad utilization for work and personal needs. If your mobile device is lost, stolen, or compromised, your personal information and any relevant University data may be placed in jeopardy.
App State employees who utilize personal mobile devices to conduct Appalachian State University business should be aware of conditions unique to this use.
ITS has provided a set of awareness items and security steps that can help protect your mobile computing devices.
ITSS Information Security for Mobile Devices
Ways to Protect your Mobile Devices
Personal Information is like money. Value it. Protect it.
Your mobile device contains significant information about you, your friends, and your family. Think about the contact numbers, photos, and so much more stored on your device.
Guidelines for keeping your mobile devices and the data they contain secure:
- Back up your files - don’t keep the only copy on your mobile device.
- Keep your device with you - One of the biggest threats is loss or theft.
- Think twice - Be thoughtful about the information stored on your device, how it is collected through third-party apps, and what gets shared on websites you visit. Manage your app permissions. When you grant apps access to your device, you may be giving them access to your personal information and giving the app permission to perform functions on your device.
- Own your online presence - Use security and privacy settings to manage what is shared in downloaded apps and on social media.
- Secure your devices by using strong passwords, passcodes, passphrases, or other features such as touch identification and lock your devices.
- Be aware of where you are and where your device is.
- Enable Encryption on your devices and use KeePass (or another password vault) if you store passwords on your phone.
- Update your devices regularly - Keeping the most up-to-date security software, web browsers, operating systems, and apps are the best defense against viruses, malware, and other online threats.
- Delete apps you no longer use.
- Disable WiFi and Bluetooth when not in use. Some stores, restaurants, and other locations look for devices with WiFi or Bluetooth turned on to track your movements while you are within range. In addition, limit your public WiFi usage and public wireless networks are not secure (Anyone could potentially see what you are doing on a laptop, tablet, or smartphone while connected to public networks.)
- Use a VPN (a virtual private network) for a more secure connection
- Don’t Know? Don’t Answer. - Fraudulent text messages, calls, and voicemails are on the rise. If you received something from someone you don’t know or it’s from someone you know but it looks suspicious, don’t reply. Email and mobile requests for personal data or immediate action are almost always scams.
You can install security apps that enable remote location and wiping. Some are automatically installed such as Find My iPhone on Apple devices; while others need to be downloaded.
Downloading security apps for Android or Windows Mobile devices is generally safe (provided the apps are from a legitimate app market such as Android Market or Google Play.)
Security apps must be set up before the phone is lost or stolen.
Risks of rooting or jailbreaking your phone:
- Your smartphone can become bricked which renders it no longer functional due.
- Your warranty will be void immediately.
- Malware can easily breach your mobile security.
The Information Technology Support Center offers services to help you set up your mobile devices and make sure they are secure.
Contact them at 828-262-6266, enter a support ticket at https://support.appstate.edu/, or visit them on the bottom floor of Anne Belk Hall. Room 140.
App State Mobile Security Materials
Free Mobile Antivirus Software:
- Free ESET Mobile Security and Antivirus (Google/Android)
- Free Avira Mobile Security for iOS (Apple/iOS)
Using Personal Mobile Devices for University Business
Many App State employees utilize personal mobile devices to help conduct University Business. Below is a list of relevant items. This list is to help spread awareness of our shared responsibilities when using personal devices while conducting University business.
The University does not currently centrally manage the security of personal mobile devices. For this reason, employees need to be aware that they are individually responsible for the security of their personal mobile devices. To help address this responsibility, ITS strongly recommends following the security Protocols listed below.
University data that has been classified as Confidential or Sensitive should not be stored on personal mobile devices. Common examples of data that should not be stored on these devices include:
- Personal Identifiers (Social Security Numbers, Drivers license, State identification card, or Passport numbers)
- Financial Data (Credit Card Numbers, Debit Card Numbers, Checking / Savings Account Numbers)
- Authentication Data: (Biometric Information, Passwords, Digital Signatures)
- Health Information (Protected Health Information)
All App State employees are subject to the North Carolina Public Records Act (NCGS Chapter 132). This act provides a method for third parties to request records associated with the public business of all state agencies, including App State. If University-related materials are stored on personal mobile devices (i.e. work-related SMS messages, voicemail recordings, electronic work documents) then those personal devices may be subject to such a request as the device may be viewed as being used to facilitate official University business. This could mean that employees could be required to present all of the information from the mobile device to the University for inspection and possible disclosure should the University be legally compelled to produce materials.
App State Policies Relevant to Personal Mobile Devices
App State employees must follow University policies when conducting University business irrespective of whether the resources used are managed or owned by the University or not. Therefore, it is important to keep in mind that mobile devices that are used to conduct University business and access University data are subject to University policies and standards.
Mobile Device Security Best Practices
An important first line of defense for your mobile devices is making sure that someone can't easily access your data should you accidentally misplace your tablet or smartphone.
- All Devices: Set your mobile device to lock the screen after a period of inactivity and require a PIN, Password, Fingerprint, or Swipe Pattern you specify to unlock the device. (How-To: Google/Android and How-To: Apple/iOS)
- All Devices: Make sure that your PIN, Password, or Swipe pattern is not easy to guess.
When you encrypt your mobile device, you add a layer of protection around your data that makes it more difficult to read should your device be lost or stolen. Note that the utilization of encryption of mobile devices requires that your device utilize a screen lock (see Step #1).
- Apple/iOS: Encryption is turned on automatically when you apply a screen lock (see Step 1).
- Google/Android: Turn on mobile device encryption
One of the most common security issues with mobile devices is that they can be easy to lose and are often attractive to thieves. Loss and Theft Protection features can help you potentially locate your device and/or send commands to render the device as well as its data unusable.
Because our mobile devices go with us wherever we go, it is easy to become accustomed to using wireless networks in a manner that can expose our information.
- All Devices: Disable WiFi & Bluetooth networking when not in use.
- All Devices: Limit use of authenticated (public) wireless (use cell data plan instead)