If you are permitted to access or maintain sensitive institutional data using your mobile device, please meet the minimum expectations below.
See Your Responsibilities for Protecting University Data When Using Your Own Devices for a complete list of your responsibilities when using your own devices to work with sensitive U-M data.
By meeting the minimum expectations below, you also protect your personal data.
Expand All Content
Install U-M VPN software if you expect to use untrusted networks.
Untrusted networks include guest wireless in a hotel or coffee shop. The U-M and UMHS VPNs—Virtual Private Networks—provide a secure computing experience when accessing a U-M network from a remote location or when using a wireless connection. (UMHS users should use the UMHS VPN.)
Use a secure network connection. Your cellular carrier network is the best choice.
When not using WiFi and Bluetooth, turn them off.
Go to Settings and turn off Bluetooth and WiFi.
Keep your apps updated.
Update apps on your iOS device(s) to get the latest security updates and improvements.
Only install apps from the App Store.
- Do not download apps offered to you via email, text messages, or web links.
- Do not install apps offered on pop-ups from third-party websites.
- If iOS alerts you about an "Untrusted App Developer," click "Don't Trust" on the alert and immediately uninstall the application.
Do not make unauthorized modifications to iOS.
Do not unlock or otherwise bypass security features that prevent you from changing your operating system or downloading unauthorized software. (This hacking process is often called "jailbreaking.") You may do this only if it is required for your university work.
Be aware of where data is being stored and store sensitive university data only in approved locations.
Store and share sensitive university data using approved services that meet the requirements of regulation and policy.
- Check the Sensitive Data Guide for services approved for use with specific sensitive data types.
- Be aware that personal storage services should not be used to store sensitive university data, nor should these services be used to store information relating to university business.
- Apple lets you store files in the cloud with iCloud Drive. Do not do this if you work with sensitive university data. (See Settings > iCloud.)
If you travel outside of the U.S., be aware certain types of sensitive data cannot be accessed or maintained outside the country.
Before you sell or give away your device, back it up then erase all content and settings.
Additional Best Practices
Consider these additional options for enhanced security for your device and the data maintained on or accessed from it.
- Turn off "Ask To Join Networks" (under Wi-Fi settings).
- Turn off GPS/Location Services for apps where you do not need it (under Privacy settings).
- Set your web browser for private browsing. See iOS: Safari web settings for details about Safari security settings. In Chrome, open the Chrome menu and look for the advanced privacy settings.
- Turn on airplane mode when you do not need to use your phone, GPS, radio, WiFi, or Bluetooth. See iOS: Understanding airplane mode.
- Avoid using public Wi-Fi hotspots.
- Protect yourself online. Learn about strong passwords, how to protect your identity, how to avoid phishing scams, and more.
- Put a sticker on your phone with your name and email address. This low-tech, practical step enables somebody to contact you if they find your lost phone, even if the battery is dead.
- Register your devices. The U-M Police Department offers a free laptop and personal electronics registration program to members of the U-M community to deter theft and assist in the recovery of stolen property.
- Travel safely with technology. Take precautions when you are away from home to protect your privacy and the university's sensitive data.
- Consider using mobile anti-virus products, but understand that these are relatively new on the market and are still maturing.
Related U-M Policies and Standards
- Responsible Use of Information Resources (SPG 601.07)
- Security of Personally Owned Devices that Access or Maintain Sensitive Institutional Data (SPG 601.33)
- Unit-Specific Requirements for Self-Management of Personally Owned Devices that Access Sensitive Institutional Data (DS-07)
- Tech Tools: Cell Phones and Portable Electronic Resources (SPG 514.04)