Mobile Devices at DESY

 
Notebooks, tablets and smartphones enable mobile access to data at any time. But the comfort comes with dangers.

 

Questions / Help

Your group administrators will provide further assistance. You can find out their names from the group secretariat, the admin list or the User Consulting Office (UCO).

Assistance with security issues can be found on the pages of D4 | IT Security and Data Protection and the Computer Security Council.

 

Hazards

Like any PC, mobile devices have complex operating systems and application software that cannot be programmed error-free. Software vulnerabilities that often go undetected for years are used by malware to install malicious features on devices.

In case of loss of a mobile device, data can fall into the wrong hands. This concerns not only confidential documents, but also access and contact data, which is stored on the devices.

As a result of parallel usage of private and business devices, business and private data are increasingly mixed together. In particular, an improper configuration can lead to business data being synchronized with private services and vice versa.

 

Rules

Devices that are connected to DESY networks are subject to rules. As a baseline, the current version of the usage rules for information processing systems at DESY must be followed.

The "IT security rules" adopted by the Computer Security Council apply additionally to devices that are connected to DESY internal networks. Compliance is mandatory, in particular for self-administered devices.

In addition, of course, all legal and employment-related obligations apply. These should be considered when Web services (Cloud, Mail) are used for business purposes. For instance, you need to check whether you are authorized to synchronize DESY internal documents and information on your private devices.

Preventive measures

To protect data stored on the device in case of theft, the following measures should be taken:

  • Set up appropriate access restrictions on the device: Do not use any accounts that log on to your notebook automatically. Secure the device by choosing a password that meets the requirements of the DESY password policy. For smartphones, tablets and similar devices, access should only be possible by entering a valid PIN. It is strongly recommended to set up an automatic lock after a certain period of inactivity on the device.
  • Make sure that your device has current anti-virus software installed.
  • Always promptly install operating system updates and restart the system, if necessary, so that the changes can be applied.
  • Install only required apps and keep them up-to-date.
  • Activate the feature “Find my Mobile” on your smartphone. If the device is lost, this feature allows you to remotely reset it to the factory settings.
  • Back up your data regularly.
  • Enable device encryption. Attention: Make sure to back up your data first!
  • When installing apps on smartphones and tablets, check which permissions you grant the app. If you find them too far-reaching for the actual purpose of the application, look for alternative apps.
  • Write down the necessary data of the device for an emergency (device loss): device ID (IMEI), provider phone number, DESY UCO phone number (5005).

 

In Case of Loss

If your mobile device is lost, act quickly and follow these first steps:

  • Change any passwords that may be stored on the device (e.g. DESY Phone Book, Cloud Services, Mail, WiFi).
  • If necessary, inform your mobile network provider about the loss so that access to the mobile networks can be blocked.
  • In the case of service devices, inform the UCO (uco@desy.de) and D4 (d4@desy.de) as soon as possible.
  • Also, follow D4's advice on hardware loss.

 

Business Trips

Never leave your mobile device unattended while traveling!

Safety
When traveling, special rules and circumstances have to be considered. First, make sure that all active connections on your device (e.g. WiFi, Bluetooth) are really necessary. Disabling connections you do not need reduces the vulnerability of the system and extends battery life. Use only encrypted protocols when transferring passwords! This is especially important when using a public network (train, airport, hotel). When entering passwords in a web browser, https:// must be visible at the beginning of the address bar instead of the insecure http://.

Encryption abroad
If you use encryption software on your device, special attention has to be paid when traveling abroad. There are import restrictions in some countries. These include, for example, China, Russia, Kazakhstan, Ukraine and Belarus. Encryption software may only be imported if a corresponding license of the respective country is present, which amounts almost to an import ban for the commonly used encryption solutions. This applies to the mere presence of such software on data carriers or devices. Exceptions to the prohibitions are usually programs in which encryption is only a "secondary function".

Possible Consequences
When traveling to the US, please note that the US immigration authorities are authorized to search through electronic devices and data storage, and to retain data copies that are passed on to governmental or private organizations for deciphering and checking. Failure to comply with the respective import regulations may lead to confiscation of a device or refusal of entry. It is strongly advised to inform yourself about the legal conditions in the country of destination before traveling abroad and, if necessary, to take a replacement device that meets the relevant requirements. If needed, you may borrow loan devices from the UCO.

Security of Apps

Current operating systems like Windows 10/11, iOS, Android, etc. offer a huge and growing range of easy-to-install and free-to-use apps. When selecting a suitable app, however, there are some things to consider. During installation and usage, you will be prompted to grant the app various permissions on the device. We strongly recommend that you review the permissions required to use an app properly. If the requirements appear too extensive, look for an alternative app. You should also occasionally check your app usage and uninstall unused apps.

For apps that store your data on web services, it is recommended to check first how the data is protected against unauthorized access. As a rule, service providers give this information in the terms and conditions and the privacy policy on their web sites.

Configuration

Predefined profiles, certificates, as well as supporting information for WiFi and e-mail settings on mobile devices can be found here.

Key Facts

  • Prevent unauthorized access to your device by securing it with a suitable password or PIN.

  • Ensure that the programs, apps and operating system installed on your device are up-to-date.

  • Install and activate antivirus software - even on smartphones, tablets and notebooks which are not running Windows.

  • Store only the most important data on your mobile devices.

  • If possible, use central data storage (e.g. Sync&Share) and terminal servers at DESY, to which you can connect when necessary, and thus avoid local data copies.

  • Do not store access data in plain text on the devices.

  • Check to what extent encryption of all data on the device is possible.

  • If you plan to travel abroad, please check the legal situation regarding the use of encryption software in the respective country.

  • Plan for a possible loss of a mobile device. Inform yourself in advance about the steps to be taken.

  • When selecting and installing apps, be aware of the permissions that you assign.

  • Use only encrypted data protocols for the transmission of access data. 

  • Disable unnecessary services and networks (WLAN, Bluetooth, GPS, ...).

  • In case of a loss, report the loss immediately!
