Mobile Device Security
This guidance on this page primarily focusses on University owned mobile devices however is equally applicable to your own, personal mobile devices.
Information about the new Mobile Device Management (MDM) service can be found on the MDM page.
Why is mobile device security so important?
- are by nature small and portable, therefore they are also easy to lose or have stolen.
- often have large storage capacities, so significant amounts of data can be held on them at any given time.
This combination of portability and capacity means that a large amount of data can be taken away from the University and is at risk of being lost if not adequately protected.
Using a personal mobile device for work can be convenient, but measures must be taken to ensure that University information held or viewed on such a device is adequately protected.
How can I protect my mobile device?
Before you use your mobile device you should ensure that security measures are in place, such as:
- 6-digit PIN / alphanumeric passphrase / fingerprint authentication
- Automatic wipe after a number of failed attempts
- Automatic lock after a period of inactivity
- Encrypted storage
- ‘Find my device’ functionality with remote wipe capability
- Anti-malware software installed where applicable
You are also advised to enrol for the Mobile Device Management service.
What should I consider before using a device for University purposes?
Before you purchase or use a device you should ask yourself the following questions:
- Is usage of this device compatible with the University's Information Security Policies?
- Would it be more appropriate for the University to purchase a device which is dedicated to work use?
- Is access to the device password protected?
- Does this device allow me to access University systems via VPN or Virtual Desktop?
- Will the device lock automatically after a set period of inactivity?
- Is data encrypted on the device?
- Is the software on this device regularly updated and are security patches regularly applied?
- Does the device have up-to-date virus protection?
- Is there separation of software/apps and data for University and private use?
- Does the device enforce the relevant approved University records retention schedule(s)?
- How is University data created and/or stored on the device backed up?
- Is a remote wipe facility enabled (for business/personal information or both)?
- Is a 'find my device' facility enabled?
- Can I install AirWatch, the University's Mobile Device Management service, on the device?
Not all devices available commercially are capable of being adequately secured for University use, so if in any doubt, seek guidance before making a purchase.
Several popular mobile device operating systems are not designed or intended for use by multiple people and often store the account details and credentials of the person who first used them. This should be taken into consideration if there is a need to share devices between members of staff.
Security of your mobile device is your responsibility
Remember: staff members responsible for a security breach linked to their personal device may face disciplinary action from the University.