Skip to main content

Secondary navigation:

Information Technology Services

Mobile Security Tips

Mobile devices such as laptops, smartphones, iPads, tablets, and external hard drives (usb flash drives, etc.) can contain confidential data. The fact that these devices are mobile makes them particularly vulnerable to threats, since they can be easily accessed, misplaced, or stolen. Take precautions to ensure each of your devices are protected.

Mobile Devices and the Boston College Data Security Policy

In compliance with Boston College's Data Security Policy (PDF), the following should be considered when working with mobile devices:

  • Non-public BC data should not be accessible to anyone who obtains a lost or stolen device.
  • Any non-public BC data stored on a device must be encrypted.

If your mobile device cannot adhere to the guidelines listed on this page, you should NOT store confidential or sensitive data on the device.

Note: To view Adobe Reader® (PDF) formatted files, download the free Adobe Reader.

Tips on Mobile Device Security

  1. Install updates - All mobile device software and downloaded applications should be kept up-to-date.
  2. Use antivirus software, if available - While BC does not provide mobile antivirus software, you may obtain it at your own cost. (Learn about mobile antivirus software.) The antivirus software should be configured to download updates as they become available.
  3. Use Built-In Security Features (Note: Not all mobile devices include these security features.)
    • Require authentication: Always set a PIN, password, or security pattern on your device. If possible, set complex passwords. Learn about how to create a strong password.
    • Enable the device to erase all data after 10 unsuccessful log in attempts.
    • Enable remote wipe. Most major mobile devices have the ability to remotely lock, delete, or disable your device if it becomes lost, stolen, or compromised.
    • Enable idle time lockout and auto-lock.
    • Turn on location apps for your phone such as "Find my iPhone" or find your Android device.
    • Encrypt your mobile device. Do not store or transmit confidential (sensitive) or restricted data on your device unless it is encrypted. Examples of confidential data: passwords, social security numbers, bank account or credit card numbers, etc. For encryption guidance, see BC’s Data Security Directive.
  4. Do not use auto-complete features that remember user names and/or passwords.
  5. Carefully choose your apps and review privacy policies - Do not install software from unknown sources as they may contain malicious software. Review the application’s privacy policy before installing software. Many applications collect and share information about you, such as location-tracking. Pay close attention to the list of required permissions prior to installing an app, and consider alternatives to a permissions-heavy app.
  6. Backup regularly - Backup important files to your computer (or other device) in case your device is lost, stolen, or broken.
  7. Do not access sensitive or restricted data with public Wi-Fi - When banking or shopping, make sure the site is security enabled. Look for web addresses that begin with “https” and have a padlock image in the web address or status bar, which means the site is verified and encrypted. Consider using the BC VPN, which encrypts everything, if you're not sure.
  8. Configure wireless to ask to join before connecting to a wireless network - When wireless is on, select the “ask to join network” option to prevent automatic connections with unknown wireless networks.
  9. Turn off wireless - When not in use, disable Bluetooth, Wi-Fi, location-tracking, etc., to prevent unauthorized use (and to save power!).
  10. Consider using a program that provides a contact point if someone finds your locked device and wishes to return it. For example, the “If Found Lock Screen” for Apple products.
  11. Report lost or stolen devices - Immediately report when your device is lost or stolen and has BC confidential data on it to the BC Help Center at 617-552-4357. After you have remotely wiped your device, notify your mobile carrier to disable it.
  12. Remove all data from the device before selling or discarding your mobile device.
  13. When in doubt, don't respond - Fraudulent email, texting, and calling are on the rise. Requests for personal and financial information, or for immediate action are almost always a scam. Do not respond to anything suspicious on a mobile device. Instead, wait 24 hours and respond from a computer, which has antivirus, malicious website detection, and generally better malware detection. If you notice anything unusual or have questions about a suspicious email, text, or call, please contact the BC Help Center immediately at 617-552-4357.