Secure my mobile devices

There isn't much you can't do on the go using a laptop, smartphone, tablet or some new mobile gizmo or other. We're all busy using these portable mini-computers to shop, bank, work, get directions, read reviews, take pictures, make videos and connect with family and friends. With so much that is important and useful to you in the palm of your hand, security is paramount.

Find out about the main risks to your device and how to protect your data.

At a glance

 Use a good password or PIN and make sure your device locks automatically when not in use

 Only install apps from locations you trust and apply security updates

 Set up a ‘remote wipe’ feature if available, in case your device gets lost or stolen

 
AT OXFORD

Securing your device

The most common modern mobile devices are built pretty securely – you just need to follow some simple steps to vastly reduce the risk of malware or data loss. However, some University data may not be appropriate for use on mobile devices – particularly personal phones and tablets. Ultimately, your head of department is likely to be accountable for ensuring the safe use of mobile devices and for making sure you know what data you are, and are not, allowed to use. To comply with the University’s policies on managing mobile devices you must follow the rules below.

 

Good

  • Make sure your personal device is secured by following the simple steps below

     

Better

  • Use a University-issued device
  • Use a longer PIN or passphrase and/or biometric (e.g. fingerprint scanner) if available

Best

  • Use a University-issued device that is maintained by your IT team’s mobile device management tool

     

How to

Here are some tips on how to meet the University's security requirements on some common devices. 

 

Requirement

iPhone

Android

 

 


Set a PIN of at least 4 digits

 

Settings > Passcode is set

Settings > Security > Screen Lock is set to “PIN” or “Password”


Configure auto-lock

Settings > General > “Auto-Lock” is not set to “Never”

Settings > Security > “Automatically Lock” is set to “5 minutes” or less


Set up remote wipe

Settings > iCloud > Find My iPhone is turned on 

Phone is signed into Google account and location services are turned on


Enable encryption

Automatic when a PIN is set

Automatic by default

 


Use safe apps

Only install apps from the Apple App Store, Google Play store, your handset’s vendor or your mobile network provider


Implement security updates

Respond to prompts to apply updates within a week and regularly apply updates to all apps

Monitor whether your vendor has ended support for your device and keep an eye on the list of approved devices

THE BASICS

Problems with portability

Portability has its own particular security implications for your device and data.

  • The smaller and more portable your device, the more easily it can get lost, damaged or stolen
  • Your data can be intercepted if you connect to insecure or rogue wifi networks
  • Portable devices can get hacked and pick up viruses and other malware just like any other computer
  • You are more exposed to ‘shoulder surfing’ – always check no one's looking over your shoulder or earwigging any confidential conversations

Simply keeping your wits about you will go a long way to protecting your devices as you move around. For the rest, check out the advice below.

Securing your smartphone or tablet

Phones get dropped. Pockets get picked. Tablets get left on bus seats. Accidents and mishaps happen. But there are things you can do to protect your data even if your device gets broken, lost or stolen.

Always set a password/PIN-protected lock-screen to come on automatically when you are not using your device. Ideally, change the default settings so you can use a longer PIN or passphrase. And if your device has fingerprint ID or other advanced security, use that. On smartphones, encryption is often also enabled automatically when you set up a password/PIN (though do check the user guide for your model).

Set your device to ‘erase data’ and/or lock if the wrong password is entered too many times.

Set up a ‘remote wipe’ feature if one is available for your device. If your device is lost or stolen, this will enable you to erase your personal data remotely.

Make sure you have a master copy saved somewhere else of any documents you carry or edit on your mobile device.

Install security updates to your device and the apps you have on it. This helps protect the operating system from the latest malware.

Don't be tempted to ‘jailbreak’ your device. What your mobile device can access and download is deliberately limited to reduce your exposure to malware, so overriding these restrictions is not recommended.

Only install apps from trusted locations. In practice, this means only using the app store which came with your device - this will be Apple Store, Google Play or Microsoft Store. There may be other stores available for your device, especially in your home country if you don't live in the UK or US. If these are large and reputable they are probably safe to use, but you should still be careful when it comes to any app which asks for sensitive data, such as passwords or credit card details. It goes without saying that you should never use any app store which offers free (pirated) copies of popular apps - they're frequently loaded with malware.