• Report an Incident
• Incident Information
• Self Service Security
• Services and Products
• Best Practices
  • Staff
  • Workstations
  • Personal Systems
  • Servers
  • Mobile Devices
  • Medical Devices
  • All Best Practices
    • Backups
    • Desktop locking
    • Encryption Solutions
    • Information Security Checklist
    • Keep your accounts secure
    • Physical security
    • Recommendations for Securing Mobile Devices
    • Turn off unnecessary services
    • Update the operating system
    • Updating non-operating system software
    • Using a firewall
    • Using anti-spyware
    • Using anti-virus
• Policies, Guidelines and Procedures
• Security Awareness, Training and Education (SATE)
• Vulnerability Information
• About EIS
• What's New

---

Recommendations for Securing Mobile Devices

The following recommendations apply to all mobile devices, including personal mobile devices used for UCSF activities.

Mobile devices include, but are not limited to:

• Text pagers
• PDAs
• Cell phones
• Removable storage:
  • Memory sticks
  • Floppy disks
  • CDs/DVDs/Tapes

1. Consider a more secure alternative method for storing confidential or protected health information.  UCSF-protected servers should be the first option for storage of confidential or electronic protected health information (ePHI).
2. Maintain appropriate physical security for mobile devices. Do not leave laptops and other mobile devices unattended or in unsecured rooms or vehicles. 
3. Only use devices that can restrict access by way of a password or other authentication method.
4. Enable all security features the device may have.
5. Store only the minimum amount of data necessary and for the shortest time possible.
6. For data that requires longer storage requirements, move it to a more secure device and delete it from the mobile device as soon as possible. UCSF-protected servers should be the first option for storage of confidential data or ePHI.
7. Report the loss or theft of a mobile device as soon as possible to the UCSF Police at 476-1414.

Personal computers are not recommended to be used for UCSF business.  However, if you do use your personal computer to store or transmit confidential information, your computer should have protection equal to that of UCSF-owned computers.

1. Maintain appropriate physical security for computing devices storing confidential information.   
2. Require proper identification and authentication to access the device to ensure authorized use only.
3. Enable a properly configured personal firewall.
4. Install anti-virus protectio n that has the latest anti-virus signatures and an auto- update feature.
5. Keep the operating system current, with the latest security patches installed.  Use the auto-update feature that downloads updates when available.
6. Run an anti-spyware program from a trusted source and keep it updated.
7. Connect to the UCSF internal network only through approved remote access methods such as the Virtual Private Network (VPN).

If you have questions or need additional information, please contact ITS Customer Support at customersupport@ucsf.edu or call 415-514-4100 and choose option 1 for Medical Center and option 2 for Campus.

Please tell us what you think of our new website