Best Practices and Guidelines
- Always use an encrypted, secure network
- On-campus: Secure Mustang Wireless Network (WPA2)
- Turn off "Ask to join networks" and auto-join for all networks.
- Use the cell carrier's network instead of an insecure WiFi network.
- Use public WiFi hotspots with caution and configure the smartphone so that it does not connect automatically.
- Use only trusted networks for sensitive matters.
- Perform Security Updates
Anti-virus/security software should be installed and configured for on-access scanning. Operating system, application, anti-virus/security software, and firmware updates should be set to automatic (e.g. checked daily).
- Change Default Settings
- Enable passcode and autolock.
- To protect against data snooping or injection attacks, when establishing a connection between a mobile device and a wireless accessory (e.g. Bluetooth pairing), set a new value for the PIN or password instead of using the default/zero/null value.
- Applications, options and services that are not required should be turned off or uninstalled.
- Disable SMS preview or equivalent.
- Turn on airplane mode when you do not need the phone, GPS, radio, Wi-Fi, or Bluetooth.
- Never Store Sensitive, Unencrypted Data
Mobile devices used to store, process or transmit sensitive data should be configured with whole-disk encryption. Do not store application passwords or Web site passwords.
- Require Authentication
This is a simple step that many people fail to take. All mobile devices have the ability to lock the screen and require a password or code to access it.
- Use Physical Tethering
Keep your device on you at all times and never leave it unattended.
- Back Up Regularly
- Turn off Bluetooth
When not in use, turn off Bluetooth. Leaving your device discoverable can leave it open to hackers.
- Remote Wiping / Erasing Capabilities
Most mobile devices can be located and/or wiped remotely if lost or stolen. For devices that do not have this ability, third-party apps are available, or this service may be offered through your carrier.
Before installing or using new smartphone apps or services, check their reputation using app-store reputation mechanisms and, if possible, with friends, family or colleagues.
For example, it is good practice to install apps only from the Apple app store.
Never install any software onto mobile devices unless you know and trust the source of that software and expect to receive it. This refers to any software or application that users receive on their devices through any channel (e.g., by download over WAP/web, attached to an SMS, MMS, instant message or e-mail, through Bluetooth or a data connection, via synchronization with a computer, or from a memory card or other temporary storage device read by the phone).
Never ignore or override displayed security prompts unless you are confident that you fully understand the risks associated with these actions.
- Lost or Stolen?
- Remote wipe the device (if possible).
- Immediately change all saved passwords stored on the device (if unencrypted).
- If university-owned property, contact Property Services.