If you are permitted to access or maintain sensitive institutional data using your mobile device, please meet the minimum expectations below. By meeting the minimum expectations below, you also protect your personal data. Minimum Expectations Settings Require a password, PIN, or passcode for access. Use at least a 6 digit pin code. Start by checking your Security Settings. The settings on Android devices vary depending on the device manufacturer and the version of the Android operating system you are using. Consult the online or printed documentation for your device, or search an online help forum such as Android OS Help or androidcentral.com for specific instructions. Set the screen lock to auto lock after 15 or fewer minutes of inactivity. Start by checking your Security Settings. The settings on Android devices vary depending on the device manufacturer and the version of the Android operating system you are using. Consult the online or printed documentation for your device or search an online help forum such as Android OS Help or androidcentral.com for specific instructions. Turn on data encryption. Android OS version 7.0 (Nougat) and newer come with encryption turned on by default. For earlier versions of Android, go to Settings, then Security, and choose Turn on Encryption. Install and use a device tracking app to help you find or remotely erase your device if it is lost or stolen. Google offers the Android Device Manager (log in to My Devices). Commercial applications include Lookout Security and Antivirus, Where's My Droid, SeekDroid AntiTheft & Security, Cerberus anti theft, and Android Lost. Connections Use a secure network connection. Your cellular carrier network is the best choice if you do not have a secured wifi available. Use your cellular carrier network and turn off wireless when you are not using it. If you use a wireless connection, make sure it is a secure wireless network. When not using WiFi and Bluetooth, turn them off. Management Keep your Android firmware updated. Keep your apps updated. Only install trusted market apps. Market apps include those from Google Play. Do not install apps from other sources unless required for work and approved by your company. Do not download apps offered to you via email, text messages, or web links. Do not install apps offered on pop-ups from third-party websites. Do not make unauthorized modifications to your operating system. Do not unlock or otherwise bypass device security features that prevent you from gaining privileged control (or "root access") to your device's Android operating system. Be aware of where data is being stored and store sensitive company information only in approved locations. Store and share sensitive company information using approved services that meet the requirements of regulation and policy. Check the Sensitive Data Guide for services approved for use with specific sensitive data types. Be aware that personal storage services should not be used to store sensitive company information. If you travel outside of the U.S., be aware certain types of sensitive data cannot be accessed or maintained outside the country. See the Sensitive Data Guide for details. There are legal restrictions on certain sensitive data types (such as Export Control, HIPAA, and FISMA). Before you sell or give away your device, back it up then erase all content and settings. Look for the backup, erase, reset, or wipe setting. Report security incidents. If you use your device to maintain or access sensitive company information and it is lost or stolen, notify the Runbiz Service Portal. Additional Best Practices Consider these additional options for enhanced security for your device and the data maintained on or accessed from it. Turn off GPS/Location Access for apps when you do not need it. Set your web browser for private browsing. In Chrome, open the Chrome menu and look for the advanced privacy settings. Turn on airplane mode when you do not need to use your phone, GPS, radio, WiFi, or Bluetooth. Look for the airplane, offline, flight, or standalone mode setting. Avoid using public Wi-Fi hotspots. Protect yourself online. Learn about strong passwords, how to protect your identity, how to avoid phishing scams, and more. Put a sticker on your computer with your name and contact information. This low-tech, practical step enables somebody to contact you if they find your lost computer. Travel safely with technology. Take precautions when you are away from home to protect your privacy and the company's sensitive data. Consider using mobile anti-virus products, but understand that these are relatively new on the market and are still maturing.