Best Practices for Mobile Computing Devices
Mobile advocacy makes it easier for advocates to do work while they are on the road or away from the office. Mobile advocacy is especially useful when programs are servicing a large geographic area or a rural area. Devices such as tablets and smart phones help advocates reach out to survivors, access files from the office, receive email, and upload or update paperwork. Their compact size makes it easier to carry than a laptop. Despite their many conveniences and benefits, local programs using mobile devices should be aware of their security and safety issues.
Unlike a computer that is set up in a specific location, tablets and smartphones can be easily stolen or misplaced. It’s also very easy for others (including an advocate’s friends and family) to pick up a tablet or phone and scroll through the information, which could include survivors’ personally identifying information. Someone with more malicious intent could quickly install a spyware program on the device if they have access to it. For these reasons, the first line of defense is to put a passcode lock on the tablet or smartphone. Most devices have a basic 4‐digit security lock. For more security, some devices allow the user to use a more complex security code that includes numbers, letters, and symbols.
Furthermore, some devices allow users to unlock devices with facial recognition or fingerprint scanning. Check the settings in your device to find these features and settings.
Security and anti‐malware software
Users can download security software or anti‐malware software onto devices to strengthen the security. Some security software allows users to track down the device if it’s stolen, or even remotely wipe the device so that whoever stole it cannot see the contents on the device. Anti‐malware software will prevent malware from being installed onto the device, increasing privacy and security.
Don’t share your work mobile devices
If you are using a mobile computing device for work purposes, particularly if client information is stored on the device, it is imperative that only authorized users are accessing the device. While it may be tempting to give the device to a child to play a game or a friend to check something, if there is sensitive, confidential information on the device, allowing others to see it or have access to it may violate confidentiality laws and obligations.
One of the benefits of using a tablet or smartphone is the ability for advocates to access or upload files without having to be in the office. To connect with the office server, the tablet or smartphone will need an internet connection. Be cautious of using public WiFi when uploading or accessing files. Public WiFi are typically insecure networks and can be vulnerable to hacking or interception. If uploading files, particularly when it contains client information or sensitive details, use a virtual private network (VPN) to ensure security, the device’s data plan, or wait until you’re on a secure connection.
Tablets and smartphones allow users to download all kinds of applications (apps). Be cautious of the types of apps that are downloaded. Only download apps necessary for the work that you are doing. Some free applications may access other data stored on the device, such as contacts or pictures. If survivor information is stored in email, contacts, or other areas in the device, it might be possible for the information to be accessed by these apps. Pay close attention to what data these apps are accessing and collecting by reading the permissions, either on the device or the app’s website.
Using Personal Mobile Devices
Because many advocates already have personal cell phones and tablets, it may seem more convenient to carry just one device and more cost effective for the agency. While this may be the case, intermingling client and work information with personal information can be extremely problematic from a safety and privacy standpoint. Although it is best practice to not save survivor personal information onto any devices, particularly mobile devices, if this inadvertently happens, personal contacts and professional contacts could be mixed. If you’re using communication apps, such as Skype or FaceTime to communicate with survivors, their contact information may automatically be listed in your contacts. It’s also more likely that friends and family may pick up your personal device to play with or use. Even if you are not saving contact information, the call logs will be mingled with personal call logs and agency policies on purging text messages, call logs, and voicemails will be harder to follow and enforce. Also be mindful that if survivor information is on your personal devices, you may have to respond to legal requests for information, such as a subpoena or search warrant for information, and have to turn over your personal devices.
Quick Check List When Using Mobile Devices
1. Put a passcode on the device.
2. Do not use public WiFi if sharing client information or other sensitive information.
3. Install security or anti‐malware software onto all devices.
4. Use a secure network or VPN to connect with the office or to share files.
5. Only download apps that necessary for your work onto the device.
6. Check the privacy and security settings on your device.
7. Check the privacy and security settings on a specific app, if possible.
8. Limit how many apps are using your location information.
9. Don’t use personal devices for work purposes.
10. Don’t mingle personal and professional data on the devices, particularly if professional data includes survivor information.
Download this page in a handout version (in PDF)
©2014 National Network to End Domestic Violence, Safety Net Project
Supported by US DOJ-OVC Grant # 2011-VF-GX-K016. Opinions, findings, and conclusions or recommendations expressed are the authors and do not necessarily represent the views of DOJ.