Using a mobile device safely

Mobile devices, such as smartphones and tablets, make it easy to access your University work whilst on the move.

Before you start using your mobile device for University work then there a few simple, but essential, security considerations that apply equally to both University owned and personal mobile devices.

Summary

It's okay to use mobile devices for most types of University business providing the device has been adequately secured, risks have been assessed and relevant policies have been adhered to.

If you:

  • use a mobile device for University work then it must be secured with a PIN code as the absolute minimum.
  • have access to sensitive information (for example personal information or confidential information) then it must not be stored or accessed on a mobile device until you have assessed the risks and taken all necessary steps to secure the device. This includes, but is not limited to, encrypting the device.

What to consider

By considering each of the points below you should be able to use your mobile device for University work safely.

1. Is it appropriate?

The responsibility for protecting University information is shared between the University and the person using that information, i.e. you!

Creating, storing, accessing and processing University information on a mobile device exposes information to additional risks and so you must be careful.

Accessing information such as email, calendar and meeting agendas on a mobile device is normally not a problem providing sufficient protection is in place.

For sensitive information, (such as personal information or confidential information) then it may not be appropriate to use your mobile device until you have taken additional steps to assess the risk, seek authorisation and apply additional security. This is particularly important when using your mobile device to access “personal information” (information about people) that is controlled by the University and may include emails you receive.

There will be occasions where it is not appropriate to process information on a mobile device, for example where there are constraints from a third party such as a research partner.

2. Secure your device

A PIN code must be enabled on any mobile device used to access University information. This simple step provides a good measure of protection for you, your device and any information stored on, or accessible by, the device in the event that it is lost or stolen.

If you plan on using your mobile device to store, create or access sensitive information (including email) then additional security measures must be employed. You can use encryption to prevent unauthorised access to a mobile device and data.

If you are at all unsure about the sensitivity of information or how to secure a mobile device then you must seek further advice from the IT Service Desk before using it for University work.

3. Configure your mobile device

We strongly recommend checking the following settings for both Apple iOS and Android devices:

  • Keep your device’s operating system up to date (Android, Apple iOS)
  • Keep your device’s Apps up to date (Android, Apple iOS)
  • Enable Androids Find My Device or Apple’s Find my iPhone safety features

Instructions for accessing Google Apps (email, calendar and Drive) from your mobile device can all be found on our Google Apps web pages.

4. Using software and online services

You can use software applications (Apps) and online services to access your University work and add extra functionality to your device. When installing new software and/or using an online service for University work you should check carefully to ensure that information is going to be kept safe.

When installing new Apps, software and/or accessing online services they may request;

  • access to your device,
  • access to the data on that device, including University data,
  • access to your accounts, including University accounts.

You must ensure that the access being requested is appropriate. For example, it is unlikely that a game really does require access to your University account.

Android Device App Permissions:

You can review the permissions and access granted to specific Apps on Android devices by following this guidance: Control your app permissions on Android - Google Play Help.

  1. On your Android device, open the Settings app (click on the Cog icon).
  2. Tap Apps & notifications.
  3. Tap Advanced > App permissions.
  4. Select a permission, like Calendar, Location, or Phone.
  5. Choose which apps should have access to that permission.

Apple Device App Permissions:

You can review the permissions and access granted to specific Apps on Apple iOS devices by following this guidance: Change app access to information on iPhone - Apple Help.

  1. Go to Settings (click on the Cog icon) > Privacy.
  2. Tap a category of data, such as Calendars, Reminders, Microphone, or Motion & Fitness.
    The list shows the apps and features that requested access to that data, along with the level of access that you allowed.
  3. Tap an app or feature, then apps should have access to that permission
5. Physical security

Mobile devices are particularly vulnerable to damage, theft and loss. The loss of a device puts both you and the University at risk of harm. The Get Safe Online website has a good summary of physical security risks and solution.

6. Lost or stolen devices

If you believe that the loss of the device presents a significant risk to sensitive information then you must contact us immediately and report the loss as a potential information security incident:

If you have lost a personal device then you should report it to your mobile provider as soon as possible so your phone can be blocked. Notify the police and get a crime or loss reference number.

If you have lost a University phone then let us know as soon as possible by contacting the IT Service Desk.

7. Disposal of devices

Before disposing of a mobile device, or handing it on to someone else, it must have all University information and University accounts removed from it.

Further information

Both Get Safe Online and the ICO website have some excellent general information relating to mobile device security.

If you'd like to discuss any specific requirements or questions then please contact the IT Service Desk.