CSUEB Mobile Device Standards and Guidelines

 

Security and Disposition

University issued mobile devices, such as tablets and iPads, are managed electronically by ITS. However, those receiving such devices must also use reasonable care to protect these devices and any university confidential data stored on them as outlined on this page.

University employees are expected to physically secure their mobile devices and should report any loss or theft of the device immediately to the University Police Department. In such situations, employees must also contact the Information Security Office(ISO) to determine if any personal identifiable information (PII) may have been exposed. To report such an incident to the ISO, please use the IT Servicenow system, found HERE.

Storing Confidential Data on University Provided Mobile Devices

Confidential data must not be stored on mobile devices unless effective security measures have been implemented to protect the data as outlined in the best practices below. These guidelines must be followed to protect university data and ensure compliance with Federal, State, CSU and CSUEB regulations governing security of information.

Best Practices for Securing University Provided Mobile Devices
Due to the variations in makes and models of mobile devices, users are encouraged to carefully read the User’s Manual for their particular mobile device and implement the following security recommendations, when available. Users are encouraged to contact ITS for assistance.

  • Enable passcode or PIN lock on the mobile device
    • Choose a combination that will be difficult to guess
    • Set the auto-lock option after a period of inactivity
    • When available, enable the option to erase data after a certain number of failed attempts
    • Consider enabling any biometric login options, if available 
  • Only download apps from official app stores (Apple App Store, Google Play, etc.)
    • Remove or refrain from downloading non-essential apps
  • Regularly update the device's software and do not attempt to Jailbreak or otherwise "Root" your mobile device
  • Disable features that could be accessed without entering the passcode
  • When available, enable the "Find My Mobile Device" service
  • Do not connect to public WiFi networks without utilizing the campus VPN service
  • Turn on the encryption option of the device
While browsing web sites with your mobile device
  • Enable available privacy and security settings on the mobile phone’s Internet browser
  • Enable pop-up blockers, if available
  • Enable fraud warning features, if available
  • Do not allow the device to memorize or store passwords to sensitive websites

University mobile devices must be returned to the appropriate administrator once they are no longer needed or upon termination of employment.

The administrator will follow the Information Security Office recommendations to ensure all personal identifiable information has been removed from the device prior to any reissuing or decommissioning of the device. Disposal will follow university procedures. The Information Security Office can be reached at iso@csueastbay.edu

Implementation

The responsibility for adhering to these mobile device standards and guidelines rests with all departments across campus. Please report any apparent violations to the appropriate local administrative authority (vice president, dean, director, department, or program chair) and to the Information Security Office (iso@csueastbay.edu)

Non-Compliance

Noncompliance with applicable policies and/or practices may result in suspension of network and systems access privileges. In addition, disciplinary action may be applicable under other University policies, guidelines, implementing procedures, or collective bargaining agreements.