Mobile Computing Device Policy


Scope
This document defines the policy required to minimize the security risks associated with mobile computing devices. This policy applies to all Berry College users responsible for Berry-owned mobile computing devices.

Introduction
The theft, loss or damage of Berry-owned information contained on a mobile computing device (laptop, tablet, cell-phone, flash or USB storage device) poses an increasing risk to the college as well as users. If data are compromised, significant costs can quickly arise due to legal implications, compliance with federal, state and college requirements, lost productivity, procurement of replacement devices and data.

Objectives 

  • Ensure that any person or department assigned a Berry-owned mobile computing device is aware of requirements to protect any sensitive information it may contain; and
  • Offer appropriate resources and support to end users to protect their data and hardware.

Sensitive Data is defined as:  

  • Data protected by law (HIPPA, FERPA, ECOA (Electronic Communication Privacy Act), CFAA (Computer Fraud and Abuse Act), US Patriot Act.
  • Student or employee personal information.
  • Medical data, including personal confidential information.
  • Sensitive financial data.
  • Intellectual property; e.g. research notes, data and commercially sensitive information.
  • Any information that a person would reasonably wish to remain private.

User Responsibility
Users and/or departments of Berry-owned mobile computing devices are responsible for knowing the security required for their assigned mobile computing device and taking appropriate precautions to protect the data:

  • If a mobile computing device has no sensitive data as listed above, then the custodian of the device does not have to do anything except:
    • Make sure the device has been fitted with a free irremovable security tag as long as the device can physically accommodate the tag. These metal warning plates provide a visible deterrent and, in addition, indelibly print a serial code on the device which cannot be easily removed; it has to be ground off. These tags are free from the OIT Technical Help Desk (706-238-5838).
    • Employs a strong screen password of at least six characters plus two special characters (i.e., !@#$%^&*).
    • Use a physical lock-down cable whenever feasible to protect against theft. Approved cables are available through the Technical Help Desk. 
  • If the mobile computing device has sensitive data, then the Technical Support Desk (706-238-5838) can assist in:
    • Making sure that the computing device is protected with a strong password protected screen when left unattended for more than fifteen (15) minutes. A strong password has at least six characters and two special characters.
    • Setting up a “boot” password for the device such that the device cannot be used by anyone until the “boot” password is entered correctly.
    • Enabling the encryption of all data on the hard drive containing.
    • Acquiring authorized USB encrypted storage drives (thumb drives).
  • All devices synchronizing with Berry email will be forced to utilize a password that locks their device every 15 minutes.
  • If your mobile computing device is believed stolen or lost, the assigned custodian needs to advise Campus Safety (706-236-2262) and then Technical Support Desk (706-238-5838) in addition to your manager as soon as possible. In most cases this should be within four hours, preferably less which will ensure that recovery procedures can be activated as soon as is practicable.
  • It is recommended that if laptops store very sensitive data that they employ special tracking and recovery software. This special software will enable the tracing of a stolen laptop as soon as the stolen device is connected to the Internet. Contact the OIT Technical Support Desk for ordering information.