News & Alerts

Title

Securing mobile devices: It’s easy!

April 27, 2018
Spotlight on Safe Computing

Passwords & Security

Password-protect your mobile device and use strong lock screen security

Physical security is a major concern for mobile devices, which can be easily lost or misplaced. A device password and other security measures (such as fingerprint or facial recognition) may be all that stands in the way of someone acquiring sensitive data, if your mobile device is lost or stolen.

Choose a strong password or passphrase

The security of your system is only as strong as the password you select to protect it. Learn how to create strong passwords. It may be difficult to type especially complex passwords on the small keypad of some devices, but it is important that you try to choose a strong, effective password that is not easily guessed! (Also - set your device to lock after one minute or less, and turn on your device’s wipe/reset setting after 10 invalid password guesses.)

Protect your password

It is difficult to remember passwords for all of your different accounts - work or personal email, social media sites, banking or credit institutions, online shopping sites, and more. A good way to keep your passwords secure yet accessible is to use a password manager. A password manager is a cloud-based or locally-installed tool to help you store all of your passwords securely. You only need to remember a single password or passphrase to access your manager, and then you can use each password as needed without having to remember it.

Recommended password manager applications include: Lastpass, Password Safe, and KeePass.

Apps & Software

Verify applications before downloading

Some apps could be harmful to your mobile device, either by carrying malware or by directing you to a malicious website that may collect your sensitive information (such as credit card information). Make sure that you download apps from a well-known trusted source such as Google Play or Apple App Store.

Be wary of what you download

Use official app stores and never install software you did not seek out. If something seems fishy, or phishy, don't download it. Use approved and recommended apps, and if you are prompted to download software or click a link you didn't seek out, clear out of the screen or webpage.

Disable applications and services

Reduce security risk by limiting your device to only necessary applications and services. You won't need to manage security updates for applications you don't use and may even conserve device resources like battery life.

Tip: Bluetooth is an example of a service that can open your device to unwelcome access if improperly configured. You can easily turn it on and off in your settings.

Lock down your apps, too

A secondary lock or login is the new standard on banking and financial apps, but there are options for other apps - think social media. The more layers of security you have, the stronger your devices will hold up to threats or vulnerabilities. You can add fingerprint locks to certain apps, or enable two-factor authentication. Logging out of your apps or accounts after use also increases the security of your information and your device.

Install antivirus software

Use antivirus software on your computer, phone, and tablet. Antivirus software is used to prevent, detect and remove malicious software. It will spot anything that tries to sneak onto your device and shut it down.

Hardware & Devices

Avoid jailbreaking

Tampering with your mobile device factory security setting makes it more susceptible to attacks, or makes it more likely that your device could attack other systems.

Definition: To jailbreak a phone is to hack it so that you have unrestricted access to the entire operating system and can make changes outside of default or factory device settings.

Update, update, update! Keep your device up to date

To reduce security threats, you need to accept updates and patches to your mobile device's operating system and applications by enabling automatic updates by the device manufacturer (for example, Samsung), operating system provider (such as, Android), service provider (like Verizon, AT&T or Sprint), and/or application provider (for instance, Google or Snap Inc.). In addition to improving the overall performance of your devices, updates often patch security vulnerabilities.

Make sure you can remotely track your device

If a device is stolen, you can track it down through programs like "Find my iPhone." You may also be able to remotely wipe your devices to make sure if they are taken, your information will not. There are secure tracking apps available on Google Play or the Apple App Store.

Encrypt your device

Mobile devices are easy to steal and to misplace. Your mobile device may be configured with saved passwords that would enable anyone to access your email, banking or credit card information, or University institutional data. Encryption automatically comes with the iPhone/iPad 3 and later, and Android phones/tablets that run Android 4.4 KitKat and later OS versions. Sensitive documents, if stored on your devices, should be encrypted if possible.

Tip: Check your device settings to see if your devices encrypt by default! Permanently delete any University data stored on your device as soon as it is no longer needed.

More Tips

Use secure WiFi

Using a secure WiFi connection, like eduroam while on campus, ensures your device is less susceptible to attack and your online activities are more protected. Your accounts and passwords should never travel unencrypted over a WiFi network, because insecure WiFi network traffic can be easily intercepted. Any sensitive data, especially login information, should always be viewed via a secure WiFi connection.

Tip: Most modern mobile devices will warn if a network is insecure!

Follow safe disposal practices

When you are ready to dispose of your device, be sure to remove all sensitive information first. Learn how at z.umn.edu/clearyourdevice.