Meeting the minimum expectations below protects U-M and your personal data.
U-M Data on Personal iOS Devices
If you are permitted to access or maintain sensitive institutional data using your mobile device, you must meet the minimum expectations below. See Your Responsibilities for Protecting University Data When Using Your Own Devices for a complete list of your responsibilities when using your own devices to work with sensitive U-M data.
Store and share sensitive university data using only approved services. Be aware that personal storage services should not be used to store sensitive university data or information relating to university business. Do not use iCloud (or similar services) to store or backup university data.
Check the Sensitive Data Guide for services approved for use with specific sensitive data types to be sure you are in compliance with U-M guidelines for sensitive data.
If you travel outside of the U.S., be aware certain types of sensitive data cannot be accessed or maintained outside the country. There are legal restrictions on certain sensitive data types, such as Export Control, HIPAA, and FISMA. See the Sensitive Data Guide for details.
Report IT Security Incidents
If your iPhone is lost or stolen and you've used it to store or access sensitive data, notify the ITS Service Center. See Report an IT Security Incident for more details.
- Require a passcode for access. Follow the directions to Set up a Passcode for your device.
- Set the passcode lock to activate after 15 or fewer minutes of inactivity.
- Set your device to erase data after 10 failed passcode attempts.
- Turn on Find My iPhone. If your device is lost, you will then be able to track it or erase the data on it remotely. For instructions, see Set up Find My iPhone.
- Use encryption. Your iOS device should have encryption enabled by default.
Protect your device and data by using secure connections and limiting unnecessary connections.
- Use a Secure Internet Connection. Avoid public and "free" WiFi if possible.
- Use the U-M VPN if using untrusted wireless networks. Be sure to choose the right profile for your campus or affiliation. Untrusted wireless networks include guest wireless in a hotel or coffee shop or other "free" wireless.
- Turn off "Ask To Join Networks" (under Wi-Fi settings). If you need to join a network, open settings and find the desired network.
- Turn off/restrict Bluetooth, AirDrop, and other connections when you aren't using them. Restrict AirDrop shares to your contacts if you do use it.
- Turn on airplane mode when you do not need to use your phone, GPS, radio, WiFi, or Bluetooth. See iOS: Understanding airplane mode.
Stay up to date:
- Update your iOS software to get the latest security updates and improvements.
- Update apps on your iOS device(s) to get the latest security updates and improvements.
Only install apps from the App Store:
- Do not download apps offered to you via email, text messages, or web links.
- Do not install apps offered on pop-ups from third-party websites.
- If iOS alerts you about an "Untrusted App Developer," click "Don't Trust" on the alert and immediately uninstall the application.
Do not make unauthorized modifications to iOS, or bypass security features that prevent you from changing your operating system or downloading unauthorized software. This process, often called "jailbreaking," exposes your device to compromise. See Apple's warning about the dangers of unauthorized modification of iOS.
Securely Dispose of Your Device
Before you dispose of, sell, or give away your device, back up your data and erase all contents and settings to protect you and U-M. See Erase Personal Devices Before Disposal for details.
Additional Best Practices
Consider these additional options for enhanced security and privacy for your device and the data maintained on or accessed from it.
- Turn off GPS/Location Services for apps where you do not need it (under Privacy settings).
- Set your web browser for private browsing. See iOS: Safari web settings for details about Safari security settings. In Chrome, open the Chrome menu and look for the advanced privacy settings.
- Protect yourself online. Learn about strong passwords, how to protect your identity, how to avoid phishing scams, and more.
- Put a sticker on your phone with your name and email address. This low-tech, practical step enables somebody to contact you if they find your lost phone, even if the battery is dead.
- Register your devices. The U-M Police Department offers a free laptop and personal electronics registration program to members of the U-M community to deter theft and assist in the recovery of stolen property.
- Travel safely with technology. Take precautions when you are away from home to protect your privacy and the university's sensitive data.
- Consider using mobile antivirus products.
Related U-M Policies and Standards
- Responsible Use of Information Resources (SPG 601.07)
- Security of Personally Owned Devices that Access or Maintain Sensitive Institutional Data (SPG 601.33)
- Unit-Specific Requirements for Self-Management of Personally Owned Devices that Access Sensitive Institutional Data (DS-07)
- Tech Tools: Cell Phones and Portable Electronic Resources (SPG 514.04)