Mobile Device Security Best Practices

Protecting your university-owned or personal mobile device from malicious programs or people seeking to exploit university data or personal information is critical. This guide provides essential tips for safeguarding your smartphone from potential security risks. Please reach out to the IT Service Desk for any questions or clarifications regarding these recommendations. Pay attention to any security related announcements from ITS.

Use Strong Device Locks

• Enable a strong passcode, or biometric authentication (fingerprint or facial recognition).

• Enable automatic lock for the device’s screen.

Install Security Updates & Update Apps Regularly

• Enable automatic updates for iOS/Android and all applications.

• Check for updates frequently and install official security updates immediately.

Enable Advanced Security Features

• Enable Find My Device or equivalent to track, lock, or remotely wipe your device.

• Encrypt your device to prevent unauthorized access.

• Enable DUO multi-factor authentication for important accounts on the device.

• Install anti-virus software.

Use Secure Communications

• Do not open unknown links or files.

• Use encrypted messaging services.

Avoid Installing Unrecognized Apps or Apps From Unknown Authors

• Only download applications from official repositories like the App Store or Google Play Store.

• Review app permissions in security settings to ensure they only have access to necessary information.

• Remove any unused apps.

Use Secure Network Connections

• Avoid public WiFi networks for sensitive transactions.

• Use the Cal Poly VPN when connecting to university applications or services while off-campus.

• Disable automatic WiFi and Bluetooth connections and turn them off when not in use.

Back Up and Protect Information

• Do not store sensitive personal information on mobile devices, even if the contents are encrypted (e.g., credit card numbers, SSNs, passwords, etc.).

• Back up university-related data to Cal Poly OneDrive and enable multi-factor authentication.

• Use a password manager like LastPass to generate and store passwords.

Do Not “Root” or “Jailbreak” Your Device

• Rooting or jail-breaking your device could disable built in security features of your phone, like the firewall, could install malware on your computer and can make it difficult to regularly pull down security updates.

Do Not Leave Your Phone/Tablet Unattended

• Treat these devices as you would treat cash.

• Consider using a privacy screen protector.

• Do not let anyone use your device other than IT Service Desk staff.

• Notify the IT Service Desk and the Telephone Coordinator immediately if your device is lost or stolen.

Other Resources

• Traveling Overseas with Mobile Phones, Laptops, PDAs, and Other Electronic Devices - The National Counterintelligence and Security Center

• Securing Mobile Devices When Traveling - Indiana University

• The Traveler's Guide to Cybersecurity - Syracuse University

• Recommendations for Travelers to High Risk Countries - Stanford University

• Safety and Security for the Business Professional Traveling Abroad - Federal Bureau of Investigation

Related Articles