IT Mobile Device Security Policy

Threats to mobile devices are more prevalent and increasing in scope and complexity. Although users of mobile devices desire to take full advantage of the features that provide great convenience and amazing capability, there is an inherent risk. Without some basic security features enabled on these devices, users risk significant data loss should these important pieces of technology ever become misplaced, or worse, stolen. 

Please review the new UA Little Rock Mobile Device Security policy that applies to every mobile device, either university-owned or personal, that accesses UA Little Rock systems and data to perform university business by university employees. The policy sets forth the following requirements when using these devices to access campus systems:

Required Best Practices

  • Set up a passcode, touch ID, or Face ID to restrict unauthorized use of the mobile device and prevent unauthorized access to information such as emails, contacts, phone call history, text messages, photos and  applications if the device was misplaced or stolen.
  • A passcode on an Apple iPhone or iPad automatically enables device encryption, however Android devices require users to enable encryption.
  • Enable auto updates on your devices and routinely patch and update devices and applications from official sources. Third party or side-loaded applications increase security risks and can comprise the security of the mobile device and the data that exists on it.
  • Lock the screen of mobile devices when not in use and enable a screen timeout and auto-lock feature. This not only saves battery life, but prevents others from accessing the device
  • Never store sensitive campus data on personal devices, including mobile devices. Only utilize and configure official campus services such as UA Little Rock’s Google suite to access campus email, docs, and drive.
  • Enable additional vendor specific features such as Remote Wipe, that permit you as the owner of the technology, greater control of a misplaced or stolen device. This feature, including the “Find my Device” service, provides the end users greater control, insight, and peace of mind when a device is misplaced or stolen.

Additional Recommended Safeguards

  • Always verify the authenticity of an email, text, and telephone call. Mobile devices unfortunately only show the user’s name and not the actual email address from which a message was sent.  These names are often spoofed to mimic someone you may typically know and trust.
  • Never click links in emails or text messages from untrusted sources and verify the source of the message even with trusted sources.
  • Always verify callers information recognizing many scams involve spoofing Banks, IRS, or Social Security Administration asking for personal banking information. Always verify by initiating a call to a known number.
  • Keep a close eye on URLS, avoid ads, giveaways, “free” applications that are likely too good to be true. These could be phishing sites used to steal your information.
  • Be cautious of the permissions you give installed applications to read other information on your personal phone, this includes phones, text message, contact lists, lists, etc.  Many free applications use this information to mine or sell personal data.
  • When discarding used technology, follow the manufacturers recommendations on how to properly wipe the technology so that your data doesn’t fall into someone else’s hands.

If you have any questions regarding the above, please contact IT Services.

Posted in: News, Security
Read more about: , ,

Comments are closed.