Published on IT Security Office (https://security.duke.edu)


Mobile Devices [1]

Keep your mobile device safe!

Mobile devices are an integral part of life at Duke. We use many of the same applications on them that we do on our desktops and laptops, and access the same sensitive data. We recommend the following to ensure that the data on these devices is secured to the greatest extent possible:

Screen Lock iOS (8.x+) Android OS (4.x+) enabled by default

Update OS:
  iOS: Settings > General > Software Update
  Android: Settings > About Phone > Software Updates

Set a passcode / screen lock:
  iOS: How to: https://support.apple.com/en-us/HT204060 [2]. Current versions of iOS require a PIN of at least 6 digits.
  Android: How to: https://support.google.com/android/answer/9079129?hl=en [3]

Enable encryption:
  iOS: Enabled by default for 3GS and newer
  Android: Enabled by default for Android 5.0 and newer. Settings > Security > Encrypt Device

Remote wipe a lost or stolen device:
  iOS:
    1. Sign in to iCloud with your Apple ID: https://www.icloud.com [4]
    2. Choose Find My iPhone.
    3. Select the appropriate device.
    4. Click Erase iPhone from the device screen.
    *Requires iCloud configuration and the Find My iPhone app
  Android:
    1. Sign in to Google Device: https://www.google.com/android/find [5]
    2. Select the device in question.
    3. Choose Erase Device.
    Not all Android devices provide remote wipe capabilities by default. Check your mobile provider to see if they offer apps with this functionality. Alternatively, check the Play Store for third-party remote wipe products.

System Updates & Security Software

Mobile devices are susceptible to malware, viruses, and similar threats. Please ensure your software is always up to date and install security applications when available. If your device is no longer eligible for iOS or Android updates, then it's a security risk that cannot be mitigated, and we strongly encourage you to consider replacing it with a device running the most current OS.

To determine if your Apple device supports the newest release of iOS, see: https://support.apple.com/en-us/HT209051 [6]

For Android devices, update schedules vary by device, manufacturer, and mobile carrier:

1. If you have a Pixel phone or Nexus device, learn when you’ll get updates [7].
2. If you have another Android device, contact your manufacturer or carrier for info [8].

Password & Encryption

Ensure your device is password protected to prevent unauthorized access. Use passwords to help protect your privacy if your device is lost or stolen. For sensitive apps, enable the ability to require authentication each time the app is launched. For example, on an iOS device you can require the use of FaceID or TouchID before launching apps like LastPass, Box, Microsoft Outlook, and others.

Password protect any important documents that are kept on your device. Your grocery list doesn't need a password, but you don't want confidential information in the hands of a thief. Various applications are available for each device that allow this type of security.

Lock on your iPhone, iPad, iPod touch, and Mac [9]

Android does not have a native notes application that offers password protection. Applications like Microsoft OneNote and Evernote can offer this increased level of protection.

LastPass [10] has the ability to store secure notes as well as passwords.

Encryption helps to obfuscate critical data on the device if it's ever lost or stolen.

Never leave a smartphone unattended, even for just a minute. Make it a habit to keep your phone close at all times.

Keep only the documents you really need on your smartphone, and remove and archive older ones you don't actively use anymore.

Trading your device in

Before you trade in or donate your device, be sure that you have wiped all personal information from it. See specific factory reset links below for more information and instructions.

Remote Wipe & Factory Reset

Perform a remote wipe on any mobile device if the device is lost or stolen, and a factory reset prior to re-use, disposal, or trade-in. Mobile devices should be wiped to remove any Duke data on the device, and any connection to Duke data (such as Duke email) should be disconnected. This recommendation applies to Duke-owned devices and any personal devices that may be used to connect to Duke resources.

Note: Cell phones purchased or provided by Duke University should follow the policies issued by the Duke University Procurement Office [11]. Duke University mobile devices should be returned to Procurement and may not be traded in.

If you have a Duke-owned device, consult with IT staff regarding options and configuration to remotely wipe data from the device in the event that it is lost or stolen. For personal devices, consider the steps outlined in the above chart to allow for remotely wiping a device when needed. University Exchange accounts may also wipe a device using the Outlook Web App (mail.duke.edu [12]). When viewing your account options, click "Phone" in the left hand. Devices configured to access your Exchange account will be displayed along with the option to wipe the device.

To factory reset your device:

1. Apple device (iPhone, iPad, iPod Touch): https://support.apple.com/en-us/HT201351 [13]
2. Android device: https://www.digitaltrends.com/mobile/how-to-wipe-your-android-phone-or-tablet/ [14]

Device Tracking

To be prepared in case of loss or theft, you should enable device tracking [15] for all of your mobile devices. Prey (http://preyproject.com/ [16]) is an open source anti-theft solution, available for multiple platforms on various devices, that provides certain options should your device get stolen.

*Remember to always contact the DUPD or other local law enforcement to report theft. DO NOT take matters into your own hands.*

VPN

Avoid connections to Duke via the Internet from public wifi offerings, and only connect through the Duke VPN client. Some content at Duke requires the use of a VPN connection when off campus. You are also encouraged to use the VPN client when accessing any personally sensitive information from a public wifi offering. See the VPN FAQ [17] page for more information on using a Virtual Private Network. At present there is only a VPN client for iOS [18].

Source URL: https://security.duke.edu/mobile-devices

Links
[1] https://security.duke.edu/mobile-devices
[2] https://support.apple.com/en-us/HT204060
[3] https://support.google.com/android/answer/9079129?hl=en
[4] https://www.icloud.com/
[5] https://www.google.com/android/find
[6] https://support.apple.com/en-us/HT209051
[7] https://support.google.com/pixelphone/answer/4457705#when_updates
[8] https://support.google.com/android/answer/3094742
[9] https://support.apple.com/en-us/HT205794
[10] https://security.duke.edu/lastpass
[11] http://finance.duke.edu/procurement/surplus/faq.php
[12] https://mail.duke.edu
[13] https://support.apple.com/en-us/HT201351
[14] https://www.digitaltrends.com/mobile/how-to-wipe-your-android-phone-or-tablet/
[15] https://security.duke.edu/device-tracking
[16] http://preyproject.com/
[17] https://oit.duke.edu/help/articles/vpn-faq
[18] https://oit.duke.edu/help/articles/duke-university-vpn-ios-devices