SMPH Mobile Device Guidance
Lock your screen with a strong password or passphrase
Configure your phone lock screen with a password, PIN, and/or Biometric (facial recognition or fingerprint) to unlock it. Here are tips for each method:
- When use Biometrics:
- Use Biometrics in additional to a Password or PIN
- Use fingerprint scans over facial recognition.
- Passwords:
- The longer the better
- Use a unique password and avoid common passwords (i.e. "1111" or "password123")
- Use lower case, uppercase, numbers, and special characters (example: @ # $ % *)
- PINs:
- Use a 6 digit PIN or longer
- Avoid weak PINs such as "0000" and "1234"
- Avoid easy to guess PINs such as birthdays and anniversaries
- Pattern Locks:
- Use Biometrics, PINs, or Passwords instead of Pattern locks
- If you must use Pattern locks:
- avoid simple patterns such as a square or "Z" shape.
- Keep your screen clean as fingerprint smudges can reveal your pattern.
Why? The biggest risk to your device is losing it and then having someone hack into it. Enabling automatic screen lock ensures that no one can access your device if lost or stolen.
Turn on your device's auto-lock feature
Configure your screen to automatically lock after 3 minutes or less after inactivity. This helps protect your device (and your personal info) from unwanted access.
See the additional resources at the bottom of this page for technical guidance.
Why? You may lose your device, have it stolen, or leave it unattended. Having an auto-locked feature greatly reduces the chances of someone finding your phone unlocked and having instance access to your data.
Keep your phone updated and enable automatic updates
Make sure you’re running the latest version of the phone itself (operating system) and all apps:
- Enable automatic security updates on your phone.
- or -
- Check for and install updates at least weekly.
To check for updates or to enable automatic security updates, see your device's manufacturer (i.e. Apple/iOS and Google/Android) for specifics. Some additional resources are provided below.
Why? Updates often contain new security features and important patches to help keep your information secure.
Be cautious when installing apps
- Only install apps from trusted sources, like Google Play Store or Apple App Store.
- Why? Official app stores are more likely to screen for malicious, counterfeit, or otherwise shady apps and you are much more likely to be notified if you have downloaded a suspect app than if you use other download sites.
- Read the app reviews and make sure the “permissions granted” are necessary for the app to function.
- Why? Many apps collect information about the user for marketing purposes, diagnostics, or as part of the service they provide. This could include everything from your contact list, photos, to your physical location. This information may be stored or distributed to third parties by the app developer, as well as stolen or intercepted by unauthorized users.
- While using Apps, your device may ask you if you want to give permissions "Always", "While Using this App", or "Never". Use the "Never" and "While Using this App" options whenever possible.
- Why? This gives Apps only the permissions they need when they need them. This helps protect your device and data from malicious Apps.
Turn off or disable location services for specific apps
Some devices have features such as "find my phone" and some remote security. These may require Location Services to be on. In this case, disable all other apps from accessing or using Location Services.
If you don't use location services, disable it or turn it off when not using it.
See the additional resources at the bottom of this page for technical guidance.
What is location service? Location tracking services are often used by apps to deliver personalized, location-based information, driving directions, traffic updates, or weather info.
Why? Leaving location tracking on may allow others to know where you are and your travel history.
Avoid using unsecure, public Wi-Fi network
Avoid using unsecured (no password required) and Public Wi-Fi networks.
If you must use insecure or Public Wi-Fi use this tips:
- Use a Virtual Private Network (VPN) service or app as much as possible.
- Always log out of websites especially financial or shopping sites after you've viewed sensitive information or made a payment
- Use a password manager to store your passwords. LastPass and Bitwarden are well known password managers that work on mobile phones.
Why? When you connect to free, unsecured Wifi networks, like those in airports, coffee shops, or hotels, you could be unknowingly putting yourself at risk. Any site you visit (online purchases, mobile banking, etc) where you enter personal details or credit card info could be tracked by cyber criminals.
Turn off or disable Bluetooth
Turn off or disable Bluetooth when not using it.
See your device's manufacturer (i.e. Apple/iOS and Google/Android) for specifics. Some additional resources are provided below.
Why? While on, Bluetooth drains power and has security weaknesses. This security practice greatly reduces the power drain and the risk for a security concern.
Protect your device against theft
Mobile devices (tables, cellphones, etc.) are commonly lost or stolen. To help project your device in the event of loss or theft, follow the recommendations below.
- Don't leave your phone unattended in a public area. If you must leave it unattended, place it in a locked room or container.
- Enroll in your phone manufacturer's "Find my phone" feature. This allows your physically find your device
- Use a remote data wiping feature or services to allow you to erase your phone's data remotely. This is helpful when you suspect your device has been stolen
- Use strong password
- Enable Encryption on your device
- Configure a timeout for failed password attempts
- Consider turning on a feature to factory reset (wipe) your after 20 failed password attempts
- Use the latest phone possible. The latest phones have more security features and are more difficult to hack
See your device's manufacturer (i.e. Apple/iOS and Google/Android) documentation for details. Some additional resources are provided below.
Why? Lost or stolen devices are commonly broken into and your data may be vulnerable.Install an anti-virus application
Install an anti-virus app to keep your phone clean and free of viruses.
See here for a list of well known anti-virus software that can be used on your phone.
Why? Antivirus applications can help protect your phone from malicious attacks. They can help warn you if an application is not safe, track and block unknown callers who might be a threat and can erase your data if you lose your mobile device.
Don't root or jailbreak your device
This refers to modifying or hacking your device to use features or install apps that are restricted by your service provider. Not only does this violate the terms of service of most device manufacturers, it potentially exposes your device to greater harm from malicious apps.
Backup your device
Devices such as Google Android and Apple iPhones can save data to the cloud. Use this feature to backup your data often.
If you cannot save data to the cloud, try plugging your device into a personal computer and manually backing up important data.
See your device's manufacturer (i.e. Apple/iOS and Google/Android) for specifics. Some additional resources are provided below.
Why? Loss, damage, and even software updates can potentially cause you to lose all of your data. If you don’t have a back-up your important phone numbers, favorite photos and other data could be lost forever.
Use caution for Links and QR code
Before scanning a QR code, check to make sure the company or product is real and reputable.
For links:
- Is the URL spelled correctly?
- Does the URL have an expected domain? (i.e. wisc.edu or Microsoft.com)
- Search online for the company to determine if it's real and legitimate.
For QR codes:
- Be cautious of QR codes tapped over each other.
- If the QR code doesn't match the signage or looks out of place, don't scan it.
- Review the URL on the QR and use the tips for Links above.
Why? Some hackers have created malicious links and QR codes that can direct you to websites that could steal your personal information or install malware.
Additional Resources