Skip to main content

System Status: 

Secure Your Mobile Devices

Passcode input screen on phone

Follow these tips to keep your mobile devices, including smartphones and tablets, secure.

We shop, bank, and work from our phones and tablets. Sensitive information left unprotected on mobile devices exposes us to theft, safety risks, and security breeches. Take these steps to ensure that you are not leaving yourself open to harm.

Create a passcode for your device

If you have anything on your phone that you would not let a stranger read, use a passcode to protect your device. Mobile devices are often lost, misplaced, or stolen, but are even at risk when you leave them on your desk, at a table in a restaurant, or anywhere that others can access them. A passcode prevents others from being able to access your information if left unattended.

If your device contains university data, your department policy may require secure handling.

  • Create a passcode that is at least four digits or characters. This passcode should be strong (just like your computer password), so refrain from passcodes like "1234" or "1111."
  • Set it to automatically timeout. The shorter the timeout period, the better. IT Services recommends no more than 20 minutes of inactivity. This will reduce the unauthorized use of the device.
  • A passcode does not offer much protection if there are no restrictions on how many times you can attempt to enter the code. Enable an option to erase data after a certain number of failed attempts.

To set a passcode and timeout, take a look at theses instructions for each device:

Keep your firmware and apps updated

Firmware is the operating system on your mobile device. Many updates to the firmware improve the security of your device. Missing an update could expose it to malware or other security attacks. Apps are applications that you download in order to do specific tasks on your smart device such as log into your bank account, buy plane tickets, or shop with a retailer. Keeping the latest version of the application ensures the highest level of security.

Each device is different on how to update the firmware but most require you to connect it to a computer to update. Instructions are available for:

Your apps should notify you when a new installation or update is ready to be downloaded. Make sure you check your phone for updates and install them as soon as possible.

Turn off services when not in use

Wi-Fi, Bluetooth, and other virtual private networks are handy to have when you are using them but when you are not they can expose your device to unwelcome remote connections. Not only will this prolong your battery life, but it will help secure your device. Check your mobile devices user manual on how to quickly turn off these functions. For most devices, you will find it under settings.

Encrypt sensitive data

Encryption is a smart idea for any mobile device because we usually carry information like our credit card number and financial records. Combining encryption with a passcode will help ensure that valuable data is secure.

Most mobile devices have features that can encrypt data. You may want to consider a third-party app from a reputable vendor. Check out this article How to Encrypt your Smartphone from PC World on options with encryption. With an iPhone, the phone is not encrypted if there is no passcode, so you must enable a passcode to enable IOS encryption.

Backup your data

Having your data available to you if your mobile device is lost or stolen is key in being able to recover sensitive data. Make sure you use the backup features available on your mobile device. Get instructions from your user manual or a reputable third-party vendors. The system containing the backup needs to be kept secure as well or all the phone data could be stolen from the storage location. Many phones can make encrypted backups. Use this feature whenever possible. Instructions for backing up your device are available from:

Be selective about what you store on your device

The more information you put on your mobile device, the more you open yourself to security issues. Store as little personally identifiable information on your mobile device as possible.

Be selective about what you choose to install and do on your mobile device. Even reputable companies can make mistakes and leave security loopholes open for hackers. Apps may not be reputable and steal data and many do not use encryption properly (or at all). This exposes passwords and other data, especially when using wireless.

It can be safer to use a browser to access a secure website on your mobile device than use a dedicated app.

Have a plan if your device is lost/stolen

Consider installing an app that allow you to find, lock, or wipe your phone remotely if lost or stolen such as Find my iPhone, Lookout, Lost Phone, or Autowipe. Label your device with minimal information. Put an email address or an office phone number on the device so if it is found it can be identified and returned to you.

If your mobile device is lost or stolen, immediately change all passwords for accounts accessed on the device, especially e-mail accounts. If someone gains access to the device, they will have access to all accounts until the passwords are changed.

If a university-owned mobile device is lost, contact your department's technical administrators. They may be able to remotely delete some devices.

Report the loss to the police. Even if you think your device is lost ad not stolen, reporting the loss to the police allows them to return it to you if it is turned into them.

For more information, contact IT Services Security at security@ucsd.edu.