UC San Diego SearchMenu

Secure Your Mobile Devices

Pin input screen on phone

Mobile devices, smartphones, and tablets are computers that need protecting -- just like your laptops or desktop computer. Start here with the basics in securing your mobile device!

We shop, bank, work from our phones. Sensitive information left unprotected exposes us to theft, safety risks, and security breeches. Take these steps to ensure that you're not leaving yourself open to harm.

Expand all

Create a PIN or passcode for your device.

If you have anything on your phone that you would not let a stranger read, then you want to password protect your device. Mobile devices are often lost, misplaced, or stolen but even more easily, leaving your mobile device on your desk, at a table in a restaurant, or in the restroom can leave you open to malware targeting.

If your device contains university data, your department policy may require secure handling.

First, you will need to protect it with a PIN or passcode that is at least four digits or characters. Don't worry, you will still be able to answer incoming calls without entering in the PIN/passcode. This PIN/Passcode should be strong (just like your computer's password), so refrain from using PIN/Passcodes such as "1234" or "1111."

Set it to automatically timeout and request PIN re-entry. The shorter the timeout period the better but no more than 20 minutes of inactivity. This will reduce the unauthorized use of the device.

A PIN/Passcode does not offer much protection if there are no restrictions on how many times you can attempt to enter the code. If you are using a PIN/Passcode, enable the option to "erase data" after a certain number of failed attempts.

To set a PIN and timeout, take a look at theses instructions for each device:

Keep your firmware and apps updated!

Why?

Firmware is the operating system on your mobile device. Many updates to the firmware are to improve the security of your device and missing an update could expose it to malware or other security attacks.

Apps are applications that you download in order to do specific tasks on your smart device such as log into your bank account, buy plane tickets, or shop with a retailer. Keeping the latest version of the application will ensure the highest level of security.

How?

Each device is different on how to update the firmware but most require you to connect it to a computer to update. Here are the instructions for the following devices:

Your apps should notify you when a new installation or update is ready to be downloaded. Make sure you check your phone for updates and install them as soon as possible.

Turn off services when not in use.

Why?

Wi-Fi, Bluetooth, and other virtual private networks are handy to have when you're using them but when you're not, they can expose your device to unwelcome remote connections. Not only will this prolong your battery life, but it will help secure your device.

How?

Check your mobile devices user manual on how to quickly turn off these functions. For most devices, you will find it under settings.

Encrypt sensitive data.

Why?

Encryption is a smart idea for any mobile device because we usually carry information like our credit card number and financial records. Combining encryption with a PIN/passcode will help ensure that valuable data is secure.


How?

There are features available on most mobile devices that can help encrypt data and you may want to consider a third-party app from a reputable vendor. Check out this article How to Encrypt your Smartphone from PC World (Fall 2011) on options with encryption. With an iPhone, the phone is not encrypted if there is no PIN/passcode, so you must enable a PIN/passcode to enable IOS encryption.

Back-up your data.

Why?

Having your data available to you if your mobile device is lost or stolen is key in being able to recover sensitive data.

How?

Make sure you are using the back-up features available on your mobile device. Check the user manual or reputable third-party vendors. The system containing the backup needs to be kept secure as well, or else all the phone data could be stolen from the desktop. Many phones allow for making encrypted backups, so this should be used whenever possible.

Be selective.

The more information you put on your smart device, the more you are opening yourself up to security issues.

Store as little personally identifiable information on your smart device as possible.

In addition, remember to be selective about what you choose to install on your smart device and how you choose to do business. Even reputable companies can make mistakes and leave security loopholes wide open for hackers. Many apps may not be reputable and will steal data and many do not use encryption properly (or at all) so passwords and other data may be exposed, especially when using wireless. (The Southwest Airlines app was recently found to transmit all passwords and flight information without encryption).

It can be safer to use a browser and access a secure web site than use a dedicated app.

Have a plan if your device is lost/stolen

Before any loss occurs:

Consider installing an app that allow you to find, lock, or wipe your phone remotely if lost or stolen such as Find my iPhone, Lookout, Lost Phone, or Autowipe.

Label your device with minimal information. Put an email address or an office phone number on the device so if it is found it can be identified and returned to you.

If your device is lost/stolen:

Immediately change all passwords for accounts accessed on the smart device, especially e-mail accounts. If someone does gain access to the device, they will have continued access to all e-mail, Facebook, some web account, etc. until the passwords are changed.

If it is a university owned device, contact your department's technical administrators. They may be able to remotely delete some devices.

Report the loss to the police. Even if you think your device is just lost (not stolen), you should report it to the police so if the deviced is turned into them it can be returned to you.

Expand all