• OIT Home
• Announcements
• All Students
  • General Environment
  • Computer Requirements
  • Available Software
  • Getting Started
  • Computer Maintenance Responsibility
  • Email
  • VikingWeb
  • Student Directories/Web
  • Computer Labs
  • Telecom
  • Resources
• Faculty/Staff
  • Berry-built Computers
  • Software
  • Getting Started
  • Technical Help Desk
  • Training
  • Computer Labs
  • Telecom
  • Center for Instructional Technology (CIT)
  • Other Resources
• Procurement
  • Procurement Policy
  • Shopping for Technology
• Berry IT Students (BITS)
• Goals/Objectives and Planning
  • OIT Goals and Objectives
  • Three Year IT Plan
• Major Initiatives
• Policies and Procedures
  • Email Policy
  • Computer Use and Ethics Policy
  • Product Licensing Policy
  • Computer Purchasing Policy
  • Hardware and Software Standards Policy
  • Learn About Legal Downloading
  • Mobile Computing Device Policy
• Online Help Desk
• Need Help With?
• OIT Staff/Contact

Mobile Computing Device Policy

Scope

This document defines the policy required to minimize the security risks associated with mobile computing devices.  This policy applies to all Berry College users responsible for Berry-owned mobile computing devices.

Introduction

The theft, loss or damage of Berry-owned information contained on a mobile computing device (laptop, PDA, cell-phone, flash or USB storage device) poses an increasing risk to the college as well as users.  If data are compromised, significant costs can quickly arise due to legal implications, compliance with federal, state and college requirements, lost productivity, procurement of replacement devices and data.

Objectives

• Ensure that any person or department assigned a Berry-owned mobile computing device is aware of requirements to protect any sensitive information it may contain; and
• Offer appropriate resources and support to end users to protect their data and hardware.

Sensitive Data is defined as

• Data protected by law (HIPPA, FERPA, ECOA (Electronic Communication Privacy Act), CFAA (Computer Fraud and Abuse Act), US Patriot Act.
• Student or employee personal information.
• Medical data, including personal confidential information.
• Sensitive financial data.
• Intellectual property; e.g. research notes, data and commercially sensitive information.
• Any information that a person would reasonably wish to remain private.

User responsibility

Users and/or departments of Berry-owned mobile computing devices are responsible for knowing the security required for their assigned mobile computing device and taking appropriate precautions to protect the data:

• If a mobile computing device has no sensitive data as listed in #4 above, then the custodian of the device does not have to do anything except:
  • Make sure the device has been fitted with a free irremovable security tag as long as the device can physically accommodate the tag. These metal warning plates provide a visible deterrent and, in addition, indelibly print a serial code on the device which cannot be easily removed; it has to be ground off.  These tags are free from the OIT Technical Help Desk (706-238-5838).
  • Employs a strong screen password of at least six characters plus two special characters (i.e., !@#$%^&*).
  • Use a physical lock-down cable whenever feasible to protect against theft. Approved cables are available through the Technical Help Desk. 
• If the mobile computing device has sensitive data, then the Technical Help Desk (706-238-5838) can assist in:
  • Making sure that the computing device is protected with a strong password protected screen when left unattended for more than fifteen (15) minutes.  A strong password has at least six characters and two special characters.
  • Setting up a “boot” password for the device such that the device cannot be used by anyone until the “boot” password is entered correctly.
  • Enabling the encryption of all data on the hard drive containing.
  • Acquiring authorized USB encrypted storage drives (thumb drives).
• If your mobile computing device is believed stolen or lost, the assigned custodian needs to advise Campus Safety (706-236-2262) and then Technical Help Desk (706-238-5838) in addition to your manager as soon as possible. In most cases this should be within four hours, preferably less which will ensure that recovery procedures can be activated as soon as is practicable.
• It is recommended that if laptops store very sensitive data that they employ special tracking and recovery software.  This special software will enable the tracing of a stolen laptop as soon as the stolen device is connected to the Internet.  Contact the OIT Help Desk for ordering information.

Security Requirements

All Users of Mobile Computing Devices

• Compliance with this policy.
• Security tag on device available free from the Technical Help Desk.
• Strong screen password.

Users Having Computer Devices Containing Sensitive Data

• All of the above plus
  • “Boot” password.
  • Storage disk drive encryption software available through the Technical Help Desk.
  • Encrypted USB drives available through the Technical Help Desk.
  • Recommend tracking software available through the Technical Help Desk.