Secure and Manage Your iPhone/iPad
If you access or maintain sensitive institutional data from a mobile device, please meet the minimum expectations below. See University Data and Personally Owned Devices for a complete list of your responsibilities when accessing sensitive U-M data.
By meeting the minimum expectations below, you also will protect your personal data.
Minimum Expectations for a Secure Device
- Require a passcode for access (under General settings). This prevents others from using your device and enhances its built-in encryption. For details, see Apple's iOS: Understanding data protection.
- Set passcode lock to 15 minutes or less.
- Set to erase data after 10 failed passcode attempts.
- Encrypt your phone. This is automatically done for you when you configure a passcode for your device in Step 1 above.
- Turn on Find My iPhone (under iCloud settings) so that if your device is lost, you can track it or erase the data on it remotely.
- Install the U-M VPN if you expect to use untrusted networks (such as free guest wireless in a hotel or coffee shop). UMHS faculty and staff should use
*U-M Health System (UMHS) faculty and staff should use the Cisco AnyConnect VPN client provided by Medical Center Information Technology (MCIT) to access Protected Health Information (PHI), Clinical Network and Applications, Schedulon, and Printing, as well as to access file servers and internal UMHS web content. For more information, installers, and instructions, see VPN - Cisco AnyConnect SSL Client in the UMHS KnowledgeBase.
- Use secure networks, such as your cellular carrier network, wired connections, or MWireless.
- Turn on VPN (under Settings) when you connect to an untrusted network (such as free guest wireless in a hotel or coffee shop). (First, you will need to install the U-M VPN. UMHS faculty and staff should use )
- Turn off optional network connections (WiFi, Bluetooth) when you are not using them.
- Keep your iOS software updated to take advantage of security updates and other improvements.
- Keep your apps updated to take advantage of security updates and other improvements.
- Only install trusted apps from the App Store. Do not install third-party apps unless required for your university work or approved by your department.
- Do not jailbreak your device. Jailbreaking bypasses security features. See Apple's warning about unauthorized modification of iOS.
- Be aware that certain types of sensitive data (such as Export Control, HIPAA, and FISMA) cannot be accessed or maintained outside the U.S. See the Sensitive Data Guide for details.
- Before you sell or give away your device, back it up then erase all content and settings.
- Report security incidents. If you use your device to maintain or access sensitive institutional data and it is lost or stolen, notify the ITS Service Center.
Additional Best Practices
Consider these additional options for enhanced security for your device and the data maintained on or accessed from it.
- Turn off "Ask To Join Networks" (under Wi-Fi settings).
- Turn off GPS/Location Services for apps where you do not need it (under Privacy settings).
- Set your web browser for private browsing. See iOS: Safari web settings for details about Safari security settings. In Chrome, open the Chrome menu and look for the advanced privacy settings.
- Turn on airplane mode when you do not need to use your phone, GPS, radio, WiFi, or Bluetooth. See iOS: Understanding airplane mode.
- Use your cell carrier's network instead of an insecure WiFi network.
- Avoid using public Wi-Fi hotspots.
- Protect yourself online. Use strong passwords, protect your identity, avoid and report phishing, and maintain secure web browser settings.
- Put a sticker on your phone with your name and email address. This low-tech, practical step enables somebody to contact you if they find your lost phone, even if the battery is dead.
Related U-M Policies and Standards