Knowledgebase: IT Security
IT Security: BYOD (Bring Your Own Device) Security Guide
Updated: 23 May 2019 04:36 PM

BYOD (Bring Your Own Device) Security Guide

This guide is for all staff using personally owned devices such as smart phones, tablet computers, laptops, netbooks and similar equipment, to store, access, carry, transmit, receive or use University information or data, whether on an occasional or regular basis.

Using a personally owned device to work with institutional data is allowed however it is required by the Information & Data Classification policy that the user encrypt any devices used for this purpose. In addition, the confidentiality agreement all staff have signed with OCAD U (see attachment) references a legal obligation to protect institutional data which staff have access to. This guide is designed to assist you in following the policy and agreement. 

---

It is the sole responsibility of all staff to adhere to and be in full compliance with the Information & Data Classification policy and signed Confidentiality Agreement. 

It is highly important that encrypt devices (especially laptops used for work) to be in compliance. The following are instructions for encryption for laptops, mobile devices and removable devices:

Mac OS

Windows 10

iOS

Android

Removable Media (such as a USB key)

 

In addition, to be in compliance please follow these standard practices for personal devices used to access OCAD U data:

  • Set and use a passcode (e.g. pin number or password) to access your device. Whenever possible, use a strong passcode. Do not share the passcode with anyone.
  • Set your device to lock automatically when the device is inactive for more than a few minutes.
  • Take appropriate physical security measures. Do not leave your device unattended.
  • Keep your software up to date.
  • Make arrangements to back up your documents.
  • Keep master copies of work documents on a University managed storage service.
  • If other members of your household use your device, ensure they cannot access University information, for example, with an additional account passcode. (Our preference is for you not to share the device with others.)
  • Organise and regularly review the information on your device. Delete copies from your device when no longer needed.
  • When you stop using your device (for example because you have replaced it) and when you leave the University’s employment, securely delete all (non-published) University information from your device.
  • Report any data breaches to itsecurity@ocadu.ca
  • Configure your device to maximise its security. For example each new technology brings new enhanced security features. Take time to study and discover how to use these and decide which of them are relevant to you. 
  • Whenever possible, use remote access facilities to access information on University systems. Log out and disconnect at the end of each session.

 

 If you have any questions about following these guidelines for your personal device(s) please contact ithelp@ocadu.ca 

 



Attachments 
 
 OCAD University Confidentiality Agreement[1].pdf (562.35 KB)