Policy Settings on Mobile Devices that Access SOM Resources
The Information Technology Affairs Advisory Committee (ITAAC) has endorsed, and the FPI Board of Trustees recently approved a Mobile Device Policy which establishes requirements relating to the use of personal, university, and corporate mobile devices used for business purposes. The policy requires all workforce members to comply with the safeguards needed to protect individual workforce members and limit the organizational risk associated with the loss or theft of a mobile device (smartphone, tablet or laptop). The effective date of the policy is January 14, 2015, and all workforce members are required to be in compliance with the requirements of the Mobile Device Policy by May 29, 2015.
The purpose of this Policy is to ensure that all business information stored on and transmitted using a mobile device is secured using an industry best practice standard that meets all regulatory requirements. This Policy defines individual responsibilities and the necessary security provisions for mobile devices such as laptop computers, smartphones, and tablets. This Policy applies to any mobile device which is used to access IT resources managed by the University of Maryland School of Medicine ("SOM").
The following four (4) policy settings will be applied to all mobile devices connected to a @som.umaryland.edu email address (note, if these settings are already applied to the device, no changes will be made):
- Device Encryption
- Simple home screen passcode (minimum of 4 numbers)
- Automatically erase the device after ten (10) failed passcode attempts
- Require re-entry of passcode after inactivity of ten (10) minutes
To Verify Policy Settings on Mobile Devices follow the steps below:
Apple iOS Mobile Devices (iPhone, iPad, etc.)
- Device Encryption
- Set by default on iOS devices and is enhanced when home screen passcode is set (see next section)
- Simple home screen passcode
- Tap Settings > Passcode
- Enter Passcode
- "Turn Passcode Off" will be greyed out and unable to be changed
- Automatically erase the device after ten (10) failed passcode attempts
- Tap Settings > Passcode
- Enter Passcode
- "Erase Data" will be greyed out and unable to be changed
- Require re-entry of passcode after inactivity of ten (10) minutes
- Tap Settings > Passcode
- Enter Passcode
- Tap Require Passcode
- After 5 minutes will be checked (selected)
Android Mobile Devices
- Device Encryption
- Tap Settings > Security
- Encrypt phone, Encrypted will be greyed out
- Simple home screen passcode
- Tap "OK" to proceed.
- Tap "Show all content" on the next screen.
- A 4-digit pin consisting of numbers is the minimum password requirement. For added security, a password may be chosen instead.
- Type in the desired PIN twice
- Automatically erase the device after ten (10) failed passcode attempts
- Tap Settings > Lock Screen
- Scroll down, "Auto factory reset" will be greyed out and set for 10 attempts
- Require re-entry of passcode after inactivity of ten (10) minutes
- Tap Settings > Display
- Tap Screen Timeout
- After 5 minutes will be checked, you may set a shorter time limit for Screen Timeout, but longer timeouts will not be displayed.
BlackBerry Mobile Devices
- Device Encryption
- Tap Settings > Security and Privacy > Encryption
- "Your personal data and files are encrypted" displays on the top
- "Device Encryption" is checked
- Simple home screen passcode
- Tap Settings > Security and Privacy > Device Password.
- Tap Device Password switch.
- Enter a password and confirm
- Automatically erase the device after ten (10) failed passcode attempts
- Tap Settings > Security and Privacy > Device Password.
- Wipe data after 10 failed attempts will be greyed out and unable to be changed
- Require re-entry of passcode after inactivity of ten (10) minutes
- Tap Settings > Security and Privacy > Device Password.
- In the Lock Device After drop-down list, 10 minutes will be selected
Backing up of Mobile Device
The SOM Office of Information Services highly recommends that you regularly backup all data on your mobile device. This is especially important now because of the policy setting on all mobile devices to completely erase the device after ten (10) failed passcode attempts. Many mobile device manufactures give free cloud backup storage space and have automated applications on the device to perform backups. Please check on this for your particular manufacture. The following will provide more information for the three most popular mobile devices.
Apple iOS Mobile Devices:
Android Mobile Devices:
- Tap Settings > Backup and reset
- Check "Back up my data"
- Enter a Google account if not already present
- Check "Automatic restore"
BlackBerry Mobile Devices:
- Follow this link: www.blackberry.com/BlackBerryLink to download the Blackberry Link software to your computer
- Follow the prompts to set up a Blackberry ID if necessary
- Connect your BB device to the computer via USB cable
- Once the device is connected, click on "Back Up & Restore"
- Check "Full Backup"
- Click "Back Up Device"
Removal of Policies from Personal Devices
If you wish to have these policies removed from your personal device (i.e. you have left SOM), please just remove the @som.umaryland.edu email account from your device and the policies will also be removed
For Help and/or questions about the above application or infrastructure, please contact the SOM IS Helpdesk at: help@som.umaryland.edu or 410-706-3998