When UW employees use their smartphones to respond to work emails, download files with institutional information, and access University applications, they create a potential risk to the confidentiality, integrity, and availability of institutional information, and much of the responsibility for managing that risk falls on the individual employee.
The following best practices may also be helpful for UW students.
If you use a UW or personally owned smartphone to conduct University business, the Office of the CISO encourages you to consider the following tips to secure the smartphone:
- Encrypt the device to help protect the information from being accessed by unauthorized individuals if the device is lost or stolen.
- Select an alpha-numeric pass code or PIN to limit unauthorized access to the smartphone. Do not share your pass code or PIN with other individuals.
- Configure the smartphone to lock automatically after a few minutes of inactivity (for example, between one and five minutes). Require the pass code or PIN to unlock the smartphone.
- Use an encrypted or password-protected network (such as eduroam on UW campuses) whenever you connect to WiFi.
- Configure the smartphone to completely erase itself or “wipe” after multiple consecutive incorrect attempts (for example, 10 invalid pass codes or PINs).
- Configure remote wipe for your device.
- If the smartphone uses a SIM card, configure a SIM PIN and configure the smartphone to require the SIM PIN whenever the SIM card has been replaced.
- Back up the information stored on the smartphone on a regular basis so that you can recover it if the smartphone is lost or stolen and you initiate a remote wipe, if you forget the pass code or PIN, or if the pass code or PIN is accidentally entered incorrectly multiple times in a row and you have enabled the wipe or erase feature above.
- Wipe data from your device or reset to factory settings before you dispose of it or trade it in. Review the Secure Disposal Risk Advisory for more tips.
This list is not exhaustive. Other security settings may apply to the particular smartphone you are using.
For additional information, consult with your department IT support person. For instructions on how to implement these settings, please refer to the user manual for the smartphone or consult with the provider or manufacturer.
- CISO online training: Mobile Devices
- CISA: Mobile Device Security Checklist for Consumers
- Administrative Policy Statement 55.1: Mobile Device Use and Allowance Policy