Mobile Device Security Guidelines and Best Practices



Mobile phones, tablets, and wearable devices are often used to conduct personal and business communication and transactions. Everyone should do their best to secure their devices and protect their and Pitt’s information and environment. Please read the following guidelines to make sure that your devices are properly secured, regardless of whether they are University-owned or personal.




Category Safety Measure
Operating System and applications
  • Enable automatic iOS or relevant operating system updates and verify they are installed
  • Only install vetted applications such as applications available on trusted sites


Uploaded Image (Thumbnail)


Device loss and theft
  • Maintain physical control; Do not leave unattended devices in unsecured or public places
  • Keep devices out of sight and locked when not in use
  • Protect your device with a passcode and enable screen lock after no more than 15 minutes of inactivity
  • Use strong authentication.   Consult the University of Pittsburg Password Best Practices and Standards (Password Best Practices)
  • Encrypt your device
  • Enable Find My Phone or a similar application
  • Record the serial number and WiFi MAC address
  • Attach a label with your name and a secondary contact phone number to the device
Credential theft/malware/malicious applications
  • Do not reuse Passwords (password hygiene)
  • Avoid saving passwords outside of a secure password vault such as the Pitt Password Manager
  • Turn off Bluetooth and AirDrop when not in use
  • Use a VPN such as GlobalProtect
Data loss
  • Install remote secure wipe utilities
  • Restrict device data syncing to only approved University services 
  • Do not store University data on the device; Only view University data on the device
Advanced settings
Mobile devices containing Pitt information
Policies and Training 
Incident Reporting
  • Notify the Technology Help Desk to reset your University Computing Account immediately.  Make sure to have your multifactor tokens reset as well.
  • Notify law enforcement. If your device is stolen on campus, report the theft to the Pitt Police. If the theft occurs off campus, notify the local authorities as they may be tracking a pattern of thefts, and your details may help them refine their search.
  • Change any passwords for web services that may have cached passwords stored on the missing device. These should include any passwords for services outside of the University such as online banking,, etc.
  • Initiate a remote wipe of the missing device. The Technology Help Desk can assist with this task.


  1. NIST SP 800-124 Rev. 2 - Guidelines for Managing the Security of Mobile Devices in the Enterprise
  2. University of Pittsburgh - Understanding Workstation Security Standards for Remote Work
  3. University of Pittsburgh - Understand the University's Data Risk Classification and Compliance
  4. University of Pittsburgh - Electronic Equipment Disposal (E-Waste)
Request Help


Article ID: 45
Tue 7/18/23 9:20 AM
Tue 2/13/24 1:19 PM

Related Services / Offerings (1)

SECURITY CONSULTING AND EDUCATION KnowBe4 provides security awareness resources to train, promote and reinforce information security best practices.