Information Security
Our Office

Information Security
530-898-6520
isec@csuchico.edu

Regular Hours
8 a.m.–5 p.m.
Monday–Friday

Mobile Device Security

Ten Steps to Securing Your Mobile Device

Much of the following information was put together by Educause, and we're reproducing it here, along with some CSUC-specific information, to give you an easy-to-follow list of do's and don'ts to keep your mobile devices protected against hacking and other security issues.

You can also download our handy guide Prepare Your Mobile Devices to Prevent Loss (PDF). This pocket-sized guide explains the use of GPS tracking software to recover lost devices, as well as how to protect your accounts and prevent device theft.

1. Configure mobile devices securely

  • Follow these instructions to auto-lock your smartphone when it's not in use.
  • Enable password protection and require complex passwords.
  • Don't use auto-complete features that remember user names or passwords.
  • Ensure that browser security settings are configured appropriately.
  • Enable remote wipe.
  • Ensure SSL protection is enabled, if available.

2. Take appropriate physical security measures to prevent theft and enable recovery of mobile devices.

  • For laptops, use cable locks.
  • Install and use tracing or tracking software to help locate lost or stolen devices.
  • Never leave your mobile device unattended.
  • Report lost or stolen devices immediately.
  • Back up data on your mobile device on a regular basis.

3. Only use secure Wi-Fi networks(opens in new window) and disable Wi-Fi when not in use.

  • US-CERT recommends disabling features not currently in use such as Bluetooth, infrared, or Wi-Fi. Additionally, set Bluetooth-enabled devices to non-discoverable to render them invisible to unauthenticated devices.
  • Don't join unknown Wi-Fi networks.

4. Update mobile devices frequently. Select the automatic update option if available.

  • US-CERT recommends maintaining up-to-date software, including operating systems and applications. Up-to-date patching is a prerequisite for connecting to CSUC's wireless network.

5. Utilize anti-virus programs and configure automatic updates if possible.

  • US-CERT recommends installing anti-virus software as it becomes available and maintaining up-to-date signatures and engines. Approved anti-virus is a prerequisite for connecting to CSUCs wireless network.
  • Data protection is essential. If confidential data must be accessed or stored using a mobile device, make sure you first install an encryption solution. Note that confidential CSUC data may not be stored on a mobile device.
  • Do an assessment - or at least be aware - of the encryption options available for mobile devices. Some devices may offer more mature security solutions than others.

6. Use an encryption solution to keep portable data secure in transit.

  • Data protection is essential. If confidential data must be accessed or stored using a mobile device, make sure you first install an encryption solution. Note that confidential CSUC data may not be stored on a mobile device.
  • Do an assessment - or at least be aware - of the encryption options available for mobile devices. Some devices may offer more mature security solutions than others.

7. Use digital certificates on mobile devices.

  • You'll find links to device-specific information on using digital certificates with the CSUC secure wireless network here.

8. Use appropriate data removal and disposal procedures for mobile devices.

  • Be sure to securely delete all information stored on a device prior to discarding, exchanging, or donating it.

In addition, CSUC commits to the following support for mobile device security:

9. Institutions should develop appropriate policies, procedures, standards, and guidelines for mobile devices.

10. Institutions should also educate students, faculty, and staff about mobile device security. 

  • Advise users to be cautious when opening e-mail and text message attachments or clicking on links.
  • Advise users not to open files, click links, or call numbers in unsolicited e-mails or text messages.
  • Provide information about current threats affecting mobile devices.
  • Educate users on the need to know what they're downloading and to only download apps from reputable developers.