iPhone Best Practices

 iPhone Configuration

  • Always update firmware (iOS) to latest version.
  • Turn off 'ask to join networks' and auto-join for all networks.
  • Download the Junos Pulse VPN application.
  • Turn off Location Services unless necessary for specific apps.
  • Require a passcode/PIN to unlock the iPhone.
  • Set auto-lock timeout to a period of 5 minutes or less.
  • Disable SMS preview when the iPhone is locked.
  • Enable erase data upon excessive password failures.
  • Ensure that remote wipe capability exists through Apple, Webmail Plus, or a third party solution.

Safari Configuration

  • Enable Fraud Warning.
  • Disable AutoFill

Operations

  • Turn on airplane mode when you do not need the phone, GPS, radio, Wi-Fi, or Bluetooth.
  • Only turn on WiFi & Bluetooth when you need to connect to a WiFi and Bluetooth network.
  • Use the campus VPN when accessing Western Michigan University resources.
  • Use the cell carrier's network instead of an insecure WiFi network.
  • Use public WiFi hotspots with caution and configure the smartphone so that it does not connect automatically. Use only trusted networks for sensitive matters, e.g., ebanking,/commerce, and emailing.
  • Never jailbreak your iPhone.
  • Erase all data before selling or recycling your iPhone.
  • Be skeptical: take a skeptical approach to messages, content and software, especially when it is coming from unknown sources via SMS, Bluetooth, e-mail, or otherwise.
  • Check reputation: before installing or using new smartphone apps or services, check their reputation using app-store reputation mechanisms and, if possible, with friends, family or colleagues. It is good practice to install apps only from the Apple app store. Never install any software onto Apple devices unless it knows and trusts the source of that software and expects to receive it. Never ignore or override security prompts displayed unless you are confident that you fully understand the risks associated with these actions.
  • Check resource usage and phone bills or prepaid balances. Mobile malware can sometimes be detected by monitoring in this way, especially when premium rate services are being defrauded or abused.

Lost or Stolen

  • Remote wipe the iPhone.
  • Immediately change all saved passwords (Bronco NetID, Google, Facebook, etc.) on the iPhone.
  • If you used your iPhone to access sensitive Western Michigan University information, immediately notify the Office of Information Technology (see lost or stolen devices).
  • See instructions for setting up Find my iPhone.

Sensitive Information

  • Do not store Western Michigan University (and personally owned) sensitive information (WIN, SSNs, credit card numbers, private personal information, etc.) on an iPhone.
  • Only access Western Michigan University sensitive information from non-caching applications or the Safari web browser and ensure that the browser cache is erased afterwards.