As mobile devices on campus continues to grow, it is important that faculty, staff and students at the University adopt practices and procedures for mobile storage devices to ensure that confidential and private data stored on these devices is protected.

These devices and the data contained on them when left unsecured, are susceptible to theft and possibly to exploitation.

When at all possible, protected or restricted data should not be stored on mobile storage devices. If sensitive data is stored on a mobile device the following practices should be adopted:

Maintain a Clean Device

• Keep your security software, browsers and operating systems up to date
• Keep your applications up to date.  Many updates add new features and better security
• Monitor your device’s data usage and investigate anomalies
• Know the source of your app.  Be sure to only use trusted sources
• Do not “jailbreak” or “root” your mobile device.  A non-standard configuration may prevent the installation of security updates and may void your warranty

Restrict Device Access

• Use a password to access the device and set the device to auto-lock during inactivity
• Protect specific files with a password if possible
• Do not share your device with other people
• Use locking security cables for mobile computers and lock offices, cabinets or desk where devices are stored
• Ensure your doors are locked and devices are out of sight when in a vehicle
• Avoid leaving your device unattended in a public area
• Institute a check-out procedure to track shared devices in a Department or Faculty
• Use an encrypted USB Flash drive
• Compliance with the Mobile Encryption Standard (coming soon)

Getting Connected

• Turn off wireless, Bluetooth and infrared access when not in use
• Wireless access should be configured to ask for a password before connecting
• Unknown or untrusted networks should not be used to transfer sensitive data

Safety Online

• When in doubt throw it out. Always be suspect of links or attachments in email, posts and texts
• Check for secure connections or websites starting with "https://" - especially when making purchases
• Learn the security and privacy features of your social media applications.  Be comfortable with the information you share

Be a Good Online Citizen

• Share about others only as you would be comfortable having them share about you
• Never give out anyone’s personal information to a third party without permission.  This includes email, social media names, numbers, photos or videos

Lost or Stolen Devices

• Immediately report the loss, theft or unauthorized use of the device
• Capable devices should be wiped remotely in the event of loss or theft

Protecting your Information While Travelling Tips
Public WiFi Hotspot Security

For additional information on access and privacy, click here

---

Information and Resources:

► How do I protect my data? ► How do I protect my data?
- Backup your data regularly
- Store your data on your network drive
- Keep your device operating system (OS) up to date
- Contact IST Help and Solution Centre for recommendations or assistance with selecting and implementing an encryption tool.
► What is spam?► What is spam?
Spam is unsolicited junk email normally with some kind of sales or advertising content.
► What is phishing?► What is phishing?
Phishing is electronic identity theft and could lead to financial theft
► What is the University doing about phishing and spam?► What is the University doing about phishing and spam?
We employ an email security solution called Ironport but no spam or email filter is perfect so we advise that everyone should be aware of best practices and remain vigilant when opening email from unfamiliar sources and clicking suspect links