Guidelines: Mobile Computing

Summary

There are special considerations in using mobile computing technology because of the increased risk of loss or theft. This policy offers best practices in computing with mobile technology including, laptop/notebook, tablet, PDA, and mobile storage hardware.

Body

  1. Purpose

    1. There are special considerations in using mobile computing technology because of the increased risk of loss or theft. This policy offers best practices in computing with mobile technology including, laptop/notebook, tablet, PDA, and mobile storage hardware. Portable computers (laptop, notebook, netbook, tablet) and other mobile computing devices are especially vulnerable to physical damage or loss, and theft, either for resale or for the information they contain.
    2. Do not forget that the impacts of such breaches include not just the replacement value of the hardware but also the value of any Massasoit data on them, or accessible through them. Information is a vital Massasoit asset. We depend very heavily on our computer systems to provide complete and accurate business information when and where we need it. The impact of unauthorized access to, or modification of, important and/or sensitive Massasoit data can far outweigh the cost of the equipment itself. Moreover, we are required under both federal and state statute to protect personal identity information with which we are entrusted.
    3. While mobile devices offer convenience that can’t be found in traditional desktop computing, there is an additional risk that requires that you secure the device and the data contained on it. Massasoit has purchased and will install encryption software to protect the data stored on any College owned laptop or tablet. This software provides an additional level of protection should the device be lost or stolen. Users may be required to leave the device overnight for the initial encryption to be completed.

  2. Physical Protection of Data and Resources

    1. The physical security of ‘your’ laptop or other mobile device is your personal responsibility so please take all reasonable precautions. Be sensible and stay alert to the risks.

    2. Keep your laptop in your possession and within sight whenever possible, just as if it were your wallet, handbag or mobile phone. Be extra careful in public places such as airports, railway stations or restaurants. It takes thieves just a fraction of a second to steal an unattended laptop.

    3. If you have to leave the PC temporarily unattended in the office, meeting room or hotel room, even for a short while, use a laptop security cable or similar device to attach it firmly to a desk or similar heavy furniture. These locks are not very secure but deter casual thieves.

    4. Lock the laptop away out of sight when you are not using it, preferably in a strong cupboard, filing cabinet or safe. This applies at home, in the office or in a hotel. Never leave a laptop visibly unattended in a vehicle. If absolutely necessary, lock it out of sight in the trunk or glove box but it is generally much safer to take it with you.

    5. Carry and store the laptop in the padded laptop computer bag provided with delivery or strong briefcase with padding to reduce the chance of accidental damage.

    6. Keep a note of the make, model, serial number and the Massasoit asset label of your laptop but do not keep this information with the laptop. If it is lost or stolen, notify the Police immediately and inform the IT Help Desk as soon as practicable.

  3. Access Control

    1. One of the most critical components to a mobile security policy is access control. By design, mobile devices (laptops, tablets, PDAs, smart phones) are meant to be used outside the office. These devices are often used precisely where they're most vulnerable -- in public places, lobbies, taxis, airplanes -- where risks include loss; probing or downloading of data by unauthorized persons; and frequently, theft of the device itself. The level of security that you should have over your mobile device should be equivalent to that of a desktop PC in a locked office.

      1. If you absolutely must have a file that contains personal identity information on your device, you must encrypt the file(s) with strong passwords to keep them secure. Contact the IT Help Desk for further information on file encryption. If your device is lost or stolen, encryption provides extremely strong protection against unauthorized access to the data.
      2. You are personally accountable for all network and systems access under your user ID, so keep your password absolutely secret. Never share it with anyone, not even members of your family, friends or IT staff. Never keep a file of passwords stored on the laptop. This gives a thief immediate access to all of your information and college data.
      3. Institutional computing devices are provided for official use by authorized employees. Do not loan your laptop or allow it to be used by others such as family and friends.
      4. Avoid leaving your device unattended and logged-on. Always shut down, log off or activate a password-protected screensaver before walking away from the machine.

  4. Mobile Storage

    1. Mobile storage devices such as thumb drives or flash drives are frequently part of the use of a mobile device. They make backing up and transporting large amounts of data easy. They also make it very easy to steal data and are easily lost, especially USB devices. NEVER store personal identity information, confidential data, or passwords on a USB device. This represents an unacceptable risk to you and the College for identity theft.

  5. If Your Device Is Lost or Stolen

    1. Immediately notify ITS and Campus Police. Thefts must be communicated to Campus Police and to the Office of the State Comptroller.

    2. ITS will assist you in determining the necessary steps to minimize the damage due to the incident and help with any security risk mitigation. We will also work to restore availability to any of your data stored on the network. Depending on the specific incident, you may be required to change all of your access codes and the incident may have to be reviewed by a Security Response Team. The level of severity of the loss or theft is directly related to the level of protection that you followed for data storage on the device.

    3. Because Massasoit is self-insured, there is no replacement protection. It is very likely that you will not receive a replacement device that is comparable to that lost or stolen and it may not be possible to replace the mobile device at all. Bear this in mind when considering the level of physical access and theft protection that you are following daily.

Details

Details

Article ID: 146792
Created
Fri 9/23/22 12:09 PM
Modified
Fri 9/23/22 12:40 PM