Purpose

This document describes guidelines for the security measures required to protect portable information assets (and the information that resides on these devices) such as notebook or tablet computers, personal digital assistants (PDAs), CDs, flash drives, DVDs, pagers, cell phones or other similar equipment from theft, loss or damage.

Each employee must follow the requirements for protecting university information, as set forth in Marquette's Information Sensitivity Policy (restricted to campus).

Guidelines

The practices listed below do not cover all potential risks, but will significantly minimize the likelihood of theft, loss or damage to university equipment and information. They may apply to one type of device and not another; the user is responsible for applying the measures appropriate to the device.

• If you travel with a notebook, you should always make sure that you have the notebook case, including all its contents, over your shoulder before you leave the plane, taxi or train. When passing through a security checkpoint, keep your eyes on the device and pick it up as soon as possible.
• Make a record of the make and model of the device and any serial or company identification number on the equipment and store the record in a separate safe place.
• If you must leave a mobile device or notebook in a vehicle, put it out of sight and lock the vehicle or lock it in the trunk. Do not leave equipment in the vehicle at all in very cold or very hot weather, as extreme temperatures may cause damage.
• In an office or work area shared with others, or in an area accessible by the public, either secure the mobile device or notebook, or keep it with you at all times. Never leave it alone in a conference room, hotel room or on an airplane seat, etc. Make arrangements to lock the device in a hotel safe, or take it with you. In the office, always use a lockdown cable. When leaving the office for the day, secure the mobile device or notebook and any other sensitive material in a locked drawer or cabinet.
• Back up your data frequently and store the files in a safe location separate from the mobile device or notebook.
• Encrypt or password-protect each file containing confidential and/or sensitive university information. Make passwords difficult to crack. A mixture of special characters, numbers, and upper and lower case letters is considered the most secure — but only if passwords are not stored on the hard disk. If your mobile device or notebook comes with biometrics software (such as fingerprint imaging) configure the device to use it.
• Sensitive and/or Critical information includes, but is not limited to:
  
  • All information identifiable to an individual (including students, staff, faculty, trustees, donors, and alumni) including but not limited to social security numbers, dates of birth, student education records, medical information, benefits information, compensation, loans, financial aid data, alumni information, donor information, and faculty and staff evaluations.
  • The University's proprietary information including but not limited to intellectual research findings, intellectual property, financial data, and donor and funding sources.
  • Information, the disclosure of which is regulated by federal, state, and/or local government (e.g., FERPA, HIPAA and data collected from human subjects).
    Refer to the University Information Sensitivity Policy for more detail on securing sensitive and critical information.
• Restrict plug and play. Plug and Play is convenient, but can sometimes be dangerous: if someone connects a USB flash drive, MP3 player or external hard disk drive to a notebook, it is recognized automatically — and it is then easy to start exporting data.

Mobile Device Specific Guidelines

• For university-owned mobile devices and for personally-owned devices that contain Marquette sensitive data, the password protection feature for the device must be enabled. In addition, the automatic locking feature must be enabled and a password must be required to unlock the device. The automatic locking feature should be set to lock after 1 minute of inactivity. It is highly recommended these same security measures are enabled for all personally-owned mobile devices.
• Location services should be enabled in order to locate a missing or stolen mobile device.
• Sensitive university information must only be accessed via a secured wireless network.
• The user of a university-owned mobile devices and owners of personally-owned devices that contain Marquette sensitive data must not remove the manufacturer’s restrictions regarding the operating system (commonly known as jail-breaking.) This makes devices far more vulnerable to malware and other threats.

If your mobile device or notebook is lost or stolen file a report with the Marquette University Police Department and report the device’s serial number as lost or stolen to the IT Services Help Desk.

Support

IT Services will provide limited technical assistance on personally owned mobile device or notebook to all university faculty, staff and students.

IT Services will provide technical assistance on university owned mobile device or notebook to all faculty and staff.

Access to this support is available by contacting the IT Services Help Desk.

---

Back to IT Services Policies and Procedures