Mobile device security

Announcement :  Important guidance on what staff and postgraduate research students (PGRs) need to do to access University data on personal mobile devices.

Phones and other mobile devices often contain University Data and personal information, such as emails, email addresses, phone numbers, or your University password. Even with the utmost care and attention, it is very easy to lose mobile devices. Apart from the advice below, see also Securing the Human's advice on mobile security.

Treat your mobile device like your wallet or purse

Mobile devices are valuable, not just in themselves, but because of the data they can hold. Treat your mobile devices just like you would your wallet/ purse or credit card. Keep them either on your person or, when not using them, lock them away. Don’t leave them lying around and don’t let someone else use your mobile unsupervised unless you trust them.

Remember, if your password is saved on a device, all someone needs, to log-in as yourself and gain access to any confidential data to which you have access, is just a few minutes.

Set a password or pin number to access your device

A well-chosen password or pin number is a deterrent against casual use and abuse. It isn’t complete protection – someone possessing the device can normally get at the contents with a bit of time and determination. However, it is still a useful layer of security which will stop a casual attacker.

Don’t transfer confidential data to your device

Mobile devices are small, portable and very easy to lose, even when you take precautions against this event. Losing the device is a problem, but losing the data on it can be catastrophic. The University has strict policies and legal obligations about processing data off campus to protect against this risk. Don’t transfer confidential data to mobile devices unless you have explicit permission from the University Secretary's Office.

If you aren’t sure whether data is confidential or not check the Information Access & Security policy, or err on the side of caution and assume it is. For example a person’s salary, home address, photograph and medical history are all Confidential or Strictly Confidential data.

Back to top

If your mobile device is stolen or lost, change your UOB password as soon as possible, and contact the phone provider

If someone gets hold of your device and your password is stored on it they can read your email, documents and everything else at the university to which you have access. With phones or mobile broadband devices they can also rapidly run up a bill of thousands of pounds.

Wipe each device thoroughly before disposing of it

Don’t just throw out or recycle your phone – it will almost certainly contain your own personal data, such as your contacts list.

If your device has ever been used to hold University data then it is particularly important that it is properly wiped (just deleting data isn’t sufficient). Ask for advice or turn it over to IT support staff for secure disposal, even if it is your personally-owned device.

Turn off Bluetooth

Bluetooth is a wireless protocol for exchanging data between devices. It’s useful, but can also be a security risk, letting other people nearby access your phone. Only enable Bluetooth when you actually need it, and then disable it again afterwards.It is a sensible precaution and will also extend your battery life.

Install available updates and anti-virus software if available

Manufacturers release updates to fix security problems and add new features. Always install updates when they are available, as it is important that you get the security fixes.

Anti-virus software runs on a system to protect against known viruses. It is essential that all Windows laptops and desktops have up-to-date antivirus software. Viruses for mobile phones are currently very rare so we don’t recommend anti-virus software for phones at this stage.

Use encryption software if advised to do so

Encryption software can be a very strong defence against your data falling into the wrong hands, and is essential if using a device to take Confidential data off the premises. Unfortunately encryption is not available for many mobile phones. Encryption is a more practical option for Windows laptops and USB memory sticks. For information on encrypting your laptops or memory sticks, contact the IT Service Desk.

Back to top