Smartphones have become a well-established and familiar presence in the mobile work force. University of Washington (University) employees use smartphones to respond to important business emails, download files with institutional information, and access University applications. If a smartphone is lost or stolen it represents a potential risk to the confidentiality, integrity, and availability of institutional information.
If you use a University or personally owned smartphone to conduct University business, the Office of the CISO encourages you to consider the following settings to help protect the information and secure the smartphone:
- Access – Use an alpha-numeric pass code or PIN to limit unauthorized access to the smartphone. Do not share your pass code or PIN with other individuals.
Automatic lock – Set the smartphone to lock automatically after a few minutes of inactivity (for example between one and ten minutes). The pass code or PIN should be required to be entered in order to unlock the smartphone.
Tamper Wipe – Configure the smartphone to completely wipe or erase itself after the pass code or PIN has been entered incorrectly multiple times in a row (for example 10 invalid pass codes or PINs).
Remote Wipe – Explore options to remotely wipe your device. This can be accomplished through functionality in current versions of Microsoft Exchange, or through for-fee services offered by your cellular provider or phone manufacturer. It is a good idea to test this functionality before you actually need it. It only works if your phone has “service” or an active network connection.
Back up – Back up the information stored on the smartphone on a regular basis to help recover the information in the event that the smartphone is lost or stolen and you initiated a remote wipe, you forget the pass code or PIN, or the pass code or PIN is accidentally entered incorrectly multiple times in a row and you have set the above wipe or erase feature.
Encryption – If supported, enable operating system level encryption on the smartphone. In the event that the smartphone is lost or stolen, this helps protect the information – such as passwords stored in the web browser – from being accessed by means other than the smartphone interface.
SIM cards - If the smartphone uses a SIM card, configure the SIM PIN and configure the smartphone to require the SIM PIN whenever the SIM card has been replaced.
This list represents its examples of configuration settings that can help to secure the smartphone and protect the information stored on it. This list is not exhaustive. Other information security settings may apply to the particular smartphone you are using.
For additional information, consult with your department IT support person or University smartphone support contact. For instructions on how to implement these settings, please refer to the user manual for the smartphone or consult with the cellular provider or manufacturer.