Mobile Security at HMS

Before joining your mobile device to the Harvard Medical School network, you must first ensure that the device is encrypted. Encryption protects the data stored on a lost or stolen device, but only while the device is locked with a passcode, so the following requirements go together:

  • All smartphones must require a passcode or PIN of at least 4 characters to unlock the device.
  • The device must lock automatically after 5 minutes of inactivity and erase all data on the phone after 10 unsuccessful passcode attempts.

Until the automatic lock engages, an unlocked phone can be read by anyone holding it, so lock it manually when you put it down and be mindful of who has access to it.

Enable iPhone Passcode Lock
  1. Press the Home button to return to the Home screen
  2. Tap Settings
  3. In the Settings screen tap Touch ID & Passcode (Face ID & Passcode on devices without a Home button), then tap Turn Passcode On
  4. Enter a memorable code, and re-enter it when prompted.
  5. Return to the Home screen when done.
Enable Android Screen Lock
  1. From the Home screen, open Settings (on older versions, press Menu, then Settings)
  2. Tap Security (labelled Location & Security on older versions; menu names vary by manufacturer)
  3. Tap Screen lock and choose PIN or Password
  4. Enter a memorable code, and re-enter it when prompted.
  5. Touch the check mark button to confirm the passcode.
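The requirements above can also be enforced centrally instead of relying on each user to follow the steps by hand. The Python below is an added example, not HMS code or an HMS-provided profile: it builds an iOS/iPadOS configuration profile (.mobileconfig) whose Passcode payload carries the 4-character minimum, 5-minute lock and 10-attempt erase, and it checks any profile against the same requirements. The payload keys (forcePIN, minLength, maxInactivity, maxFailedAttempts) are Apple's Passcode payload keys; the identifier prefix edu.hms.example and the display names are placeholders, and the HMS_* constants are simply the numbers from the policy above.

```python
"""Build and audit an iOS/iPadOS Passcode configuration profile for the HMS mobile requirements."""
import plistlib
import uuid

# The three numbers from the HMS requirements above.
HMS_MIN_LENGTH = 4            # passcode of at least 4 characters
HMS_MAX_INACTIVITY_MIN = 5    # lock automatically after 5 minutes
HMS_MAX_FAILED_ATTEMPTS = 10  # erase after 10 unsuccessful attempts

# Placeholder reverse-DNS prefix (assumption); a real deployment uses its own.
PROFILE_ID = "edu.hms.example.passcode"

PASSCODE_PAYLOAD_TYPE = "com.apple.mobiledevice.passwordpolicy"


def build_passcode_profile(min_length=HMS_MIN_LENGTH,
                           max_inactivity=HMS_MAX_INACTIVITY_MIN,
                           max_failed_attempts=HMS_MAX_FAILED_ATTEMPTS,
                           force_pin=True):
    """Return a .mobileconfig (XML plist) as bytes.

    Pass None for max_inactivity or max_failed_attempts to omit that key,
    which is how a weak profile typically looks: no lock timer, no erase.
    """
    passcode = {
        "PayloadType": PASSCODE_PAYLOAD_TYPE,
        "PayloadVersion": 1,
        "PayloadIdentifier": PROFILE_ID + ".pin",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Passcode",
        "forcePIN": force_pin,                      # a passcode is required at all
        "minLength": min_length,                    # minimum passcode length
        "maxInactivity": max_inactivity,            # idle minutes before the device locks
        "maxFailedAttempts": max_failed_attempts,   # wrong guesses before data is erased
    }
    passcode = {k: v for k, v in passcode.items() if v is not None}
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": PROFILE_ID,
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "HMS Passcode Policy",
        "PayloadRemovalDisallowed": True,           # user cannot remove the profile
        "PayloadContent": [passcode],
    }
    return plistlib.dumps(profile)


def check_passcode_profile(profile_bytes):
    """Return the list of HMS requirement violations in a profile (empty if compliant).

    A key that is absent imposes no limit on the device, so absence of the
    lock timer or the erase counter is reported as a violation.
    """
    profile = plistlib.loads(profile_bytes)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == PASSCODE_PAYLOAD_TYPE]
    if not payloads:
        return ["no Passcode payload present"]
    violations = []
    for p in payloads:
        if not p.get("forcePIN", False):
            violations.append("forcePIN must be true: a passcode is required")
        if p.get("minLength", 0) < HMS_MIN_LENGTH:
            violations.append(f"minLength {p.get('minLength', 'unset')} is below {HMS_MIN_LENGTH}")
        inactivity = p.get("maxInactivity")
        if inactivity is None or inactivity > HMS_MAX_INACTIVITY_MIN:
            violations.append(f"maxInactivity {inactivity or 'unset'} exceeds {HMS_MAX_INACTIVITY_MIN} minutes")
        failed = p.get("maxFailedAttempts")
        if failed is None or failed > HMS_MAX_FAILED_ATTEMPTS:
            violations.append(f"maxFailedAttempts {failed or 'unset'} exceeds {HMS_MAX_FAILED_ATTEMPTS}")
    return violations


if __name__ == "__main__":
    compliant = build_passcode_profile()
    with open("hms-passcode.mobileconfig", "wb") as fh:
        fh.write(compliant)
    print("compliant profile:", check_passcode_profile(compliant) or "no violations")
    weak = build_passcode_profile(max_inactivity=15, max_failed_attempts=None)
    print("weak profile:", check_passcode_profile(weak))
```

Running the script writes hms-passcode.mobileconfig, which can be pushed through an MDM or opened on the device and installed from Settings. The checker is the more useful half when a department or vendor supplies its own profile: it flags a profile that sets the passcode but leaves out the lock timer or the erase counter, the two settings that are easiest to forget.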

Best Practice for Personal Devices

Using a personal device for HMS business is up to the discretion of each department. Individuals should check with their manager or department administrator before using a personal device. Approval for personal device use varies greatly between departments and depends on the types of data that each department uses.

For Windows and OS X Systems

  • Keep up to date. Set automatic updates to download and install patches. This applies to all software, including office applications, browsers, browser extensions, etc. Remember to restart!
  • Install CrowdStrike EDR. EDR (Endpoint Detection and Response) software records process, file and network activity on the endpoint so that compromises which signature-based antivirus misses can be detected and investigated; CrowdStrike is the EDR product HMS recommends.
  • Do not use legacy operating systems or legacy applications. Software that is no longer supported receives no security updates, so every vulnerability found in it stays open.
  • Enable the system firewall. Enabling the system firewall will help to cut back on unwanted traffic.
  • Encrypt. Full-disk encryption (BitLocker on Windows, FileVault on OS X) protects HMS data and your personal data alike if the machine is lost or stolen. Remember to encrypt your backups! Protect the encryption with a strong password or passphrase that is known only to you. Note that the ability to encrypt depends on the operating system edition.
  • Use a password. Encryption only helps if a password is needed to get past the login screen; an encrypted disk on a machine that logs in automatically is unprotected while it is running. Choose a strong password and don't share it with anyone.
  • Enable 2-step verification. While it may not be possible to do so on a system level, enable 2-step verification on all accounts that support it.
  • Use modern Antivirus/Anti-malware software that updates automatically. Perhaps this goes without saying but it's so important. Anti-Virus is not going to stop a determined nation state attacker but it's going to protect your system from a majority of malware and ransomware.
  • Backup your system. Backing up is the best way to protect against data loss. Encrypt the backup! Backup disks are easy to misplace or have stolen.
  • Turn the power off. When your system is not in use, turn it off. While the system is running, the disk encryption key is held in memory and the data is readable to anyone who gets past the screen lock; powered down, only the encrypted disk remains.
  • Keep the system dedicated to your use. The only way to control what happens on your personal device is to restrict its use by family members and friends. This is easier said than done, of course, but it's also very important. If you do allow your family members to use the system, you should install some parental control software to lock down its use to only the sites that you specifically allow.
  • Don't store HMS data on your device. While not always avoidable, do your best to keep HMS data on servers and not on your personal devices.
  • Use HMS approved solutions. When working with HMS data, use only approved solutions. If you have questions about what's appropriate to use, see the collaboration tools matrix.
  • Don't steal content. Today there's really no reason to steal movies, TV shows, and music. Most everything is accessible and reasonably priced. Don't use Torrents to steal content. The University has a policy against it, and it's illegal.
  • Only use applications with a good reputation that you have obtained through reliable channels. Don't download software from suspicious sites. Some sites offer deeply discounted software whose real cost is hidden: the installers are often repackaged to include malware or spyware. Purchase software only through reliable sites and don't be tempted by free or deeply discounted versions from less reputable sources.
  • Practice safe browsing. Only visit reputable sites, and avoid clicking on links in email. Use a reputable browser. Clear your cookies and history often. Don't accept third-party cookies. Most modern browsers will allow you to choose what cookies to accept.
  • Practice safe email practices. If you doubt an email's authenticity, delete it. Avoid clicking on links.
  • Keep things as separate as possible. While it's not possible to keep things completely separate, try to keep work and personal use as separate as possible. Use different email clients, browsers, etc.
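The desktop list is easiest to follow if you can see at a glance which items your machine already meets. The Python below is an added example, not an HMS tool: on a Mac it runs the stock utilities behind three of the bullets (fdesetup for FileVault, socketfilterfw for the system firewall, defaults for the automatic update check) and reports which checks fail. The command runner is injectable so the parsing can be exercised on any machine; the SAMPLE_* outputs are constructed in the format those tools print. There is no Windows counterpart here.

```python
"""Audit a Mac against the desktop list above: automatic updates, firewall, disk encryption."""
import subprocess


def _filevault_on(output):
    # `fdesetup status` prints "FileVault is On." or "FileVault is Off."
    return output.strip().startswith("FileVault is On")


def _firewall_on(output):
    # `socketfilterfw --getglobalstate` prints "Firewall is enabled. (State = 1)"
    # (State = 2 when all incoming connections are blocked) or "Firewall is disabled. (State = 0)"
    return output.strip().startswith("Firewall is enabled")


def _auto_update_check_on(output):
    # `defaults read` prints the stored value, here 1 or 0; if the key was never
    # set it prints an error instead, which also counts as not configured
    return output.strip() == "1"


# name -> (command, parser). The commands are the stock macOS utilities.
CHECKS = {
    "filevault": (["fdesetup", "status"], _filevault_on),
    "firewall": (["/usr/libexec/ApplicationFirewall/socketfilterfw", "--getglobalstate"], _firewall_on),
    "auto_update_check": (["defaults", "read", "/Library/Preferences/com.apple.SoftwareUpdate",
                           "AutomaticCheckEnabled"], _auto_update_check_on),
}


def run_command(argv):
    """Default runner: execute argv and return its combined stdout and stderr."""
    proc = subprocess.run(argv, capture_output=True, text=True)
    return proc.stdout + proc.stderr


def evaluate(runner=run_command):
    """Run every check and return {name: True if compliant}. A tool that cannot run counts as failing."""
    results = {}
    for name, (argv, parser) in CHECKS.items():
        try:
            results[name] = parser(runner(argv))
        except OSError:            # not macOS, or the tool is missing
            results[name] = False
    return results


def failures(results):
    """Sorted names of the checks that did not pass."""
    return sorted(name for name, ok in results.items() if not ok)


# Constructed sample outputs in the format the real tools print, so the checks
# can be exercised on any machine without running the macOS commands.
SAMPLE_COMPLIANT = {
    "fdesetup": "FileVault is On.\n",
    "socketfilterfw": "Firewall is enabled. (State = 1)\n",
    "defaults": "1\n",
}
SAMPLE_UNMANAGED = {
    "fdesetup": "FileVault is Off.\n",
    "socketfilterfw": "Firewall is disabled. (State = 0)\n",
    "defaults": "The domain/default pair of (/Library/Preferences/com.apple.SoftwareUpdate, "
                "AutomaticCheckEnabled) does not exist\n",
}


def sample_runner(samples):
    """Runner that answers from a dict keyed by the tool's basename instead of executing it."""
    def run(argv):
        return samples[argv[0].rsplit("/", 1)[-1]]
    return run


if __name__ == "__main__":
    live = evaluate()               # real commands; meaningful only on macOS
    print("failing checks on this machine:", failures(live) or "none")
    print("constructed compliant sample:", failures(evaluate(sample_runner(SAMPLE_COMPLIANT))) or "none")
    print("constructed unmanaged sample:", failures(evaluate(sample_runner(SAMPLE_UNMANAGED))))
```

Any check that fails maps straight back to a bullet above: enable FileVault, turn on the firewall in System Preferences, and switch on automatic update checks. On a machine that is not a Mac every live check reports as failing, because the tools are absent, which is the conservative result for a compliance script.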

For Smart Phones and Tablets

  • Keep up to date. Set the operating system and apps to update automatically, and regularly check for updates that can't be applied automatically.
  • Encrypt. iOS devices are encrypted by default as long as a PIN or password is enabled; the passcode protects the encryption keys. Android devices vary by manufacturer and version. Check your manual for instructions on how to enable encryption.
  • Choose a strong passcode. A mix of letters, case, and numbers is best. If you have to use just numbers, increase the length to 10 digits.
  • Enable 2-step verification. See guidance above.
  • Set the device to erase after a number of unsuccessful passcode attempts. The rule of thumb here is 10 but if you want to go lower, go lower.
  • Don't share devices. As with more traditional systems, you can only control what's on the device if you control the device. Don't share devices with family members or friends. Yes, smart devices are great for keeping the kids quiet but give them an older device that you don't use anymore.
  • Don't jailbreak or root your device. Jailbreaking or rooting a device results in a device that is less secure and more susceptible to malicious software.
  • Backup your device often. Encrypt the backups!
  • Don't store HMS data on your device. While not always avoidable, do your best to keep HMS data on servers and not on your personal devices.
  • Purchase apps only through reputable sources. Don't download apps from sites that are not completely trustworthy. Use the official App stores.