Ask the Expert: Mobile Device Security
By: Mandy Winegarden and Natascha Shawver
Security Risk Analysts, University Information Security
Most of us have experienced the sinking feeling that comes with the realization that an important item has been lost, misplaced, or stolen. You were just quickly running into Caribou for your morning coffee. Gone from your car for no more than 10 minutes! But when you returned, your backpack or briefcase was missing from the front seat of your car.
Frantically, you try to remember what was in the bag. What should top the list of things to be worried about? What should you do next, and what happens when the lost item has University data like email or digital files?
Perhaps you’ll be afraid of what will happen if you tell someone that the University file or laptop is gone. Should you try to find or recover the device before you tell anyone? Use a service like “Find my phone” to track it down yourself?
Attempting to track down a device (phone, tablet, laptop, etc.) is not advised. It can put something even more valuable at risk—your personal safety.
Make a report with the local police department. If the loss or theft occurred on campus, contact the UMPD: publicsafety.umn.edu/about
If a device belonging to the University was lost or stolen, contact your IT support personnel to see if they are able to remotely wipe, lock, or disable the device. If personal devices were lost or stolen, you can use a service like ‘Find my iPhone’ to perform the reset or wipe yourself. This prevents someone who has your device from being able to access and use your valuable information.
Email [email protected] to notify University Information Security (UIS) that data belonging to the University may be in someone else’s possession.
It’s important that these three steps happen as soon as possible in order to reduce the risk that data is accessed and used. Especially with digital devices and apps that store treasure troves of our own personal information, time is the most valuable resource you have.
What can you expect when you notify UIS?
Someone will work directly with you to understand the type of data you work with and what data might have reporting requirements under state law, regulation, or contractual obligations. This includes information that falls under FERPA, HIPAA, or the Minnesota Data Practices Act.
We want you to know that you aren’t in trouble! The University just needs to make sure it is fulfilling its legal obligations to protect the populations that we diligently work to educate, support, and care for.
The security professional who works with you will ask questions such as:
What specific data elements were stored in either paper files or the system?
What was the state of the device when it was lost?
What kind of security controls were in place on the device?
To protect yourself in advance of experiencing the heart-dropping panic of a loss or theft, learn more about securing mobile devices and more at z.umn.edu/secureU.