Recommendations for Securing Mobile Devices
The following recommendations apply to all mobile devices, including both personally and UCSF-owned mobile devices used for UCSF business.
Mobile devices include, but are not limited to:
- Smartphones and tablets
- Text pagers
- Cell phones
- Removable storage, such as USB memory sticks, CDs/DVDs/tapes, etc.
- Avoid storing confidential data on mobile devices entirely. Consider a more secure alternative method for storing confidential or protected health information. UCSF-protected servers should be the first option for storage of confidential or electronic protected health information (ePHI).
- If you can't avoid using confidential data on a mobile device, store only the minimum amount of data necessary to do your work and remove it as quickly as possible
- Never leave mobile devices unattended or in vehicles. Maintain appropriate physical security for mobile devices. Use cable locks when possible.
- Only use PIN/password-protected encrypted devices.
- Enable all security features the device may have.
- Report the loss or theft of a mobile device as soon as possible to the UCSF Police at 476-1414.
We recommend using UCSF devices to perform UCSF business. If you must use a personally owned device for UCSF business, you must comply with the UCSF Minimum Security Standards (/policies/ucsf-minimum-security-standards-electronic-information-resources).
Among other requirements, you must encrypt your personal device. For instructions on encrypting your personal device, visit this page /how_do/encrypt-my-personal-laptopdesktop-installation-guidelines.
If you have questions or need additional information, please contact IT Customer Support at 415-514-4100.