Securing Mobile Devices

Your phone or tablet likely has access to your NCU email, files, and accounts — making it just as important to secure as a laptop. Learn the essential steps to protect your mobile device and the university data on it.

Lock screen and authentication

The most important thing you can do to secure a mobile device is ensure it requires authentication to unlock. A device without a lock screen is an open door to everything on it — email, files, saved passwords, and any app you're signed into.

  • Use biometrics — Face ID, Touch ID, or fingerprint — as your primary unlock method. Biometric authentication is fast, convenient, and significantly more secure than a PIN for day-to-day use.
  • Set a strong PIN or passphrase as backup. Use at least 6 digits, and avoid obvious patterns like 123456 or your birth year. This is what protects your device if biometrics fail or aren't available.
  • Never use swipe-to-unlock or no lock screen at all. These provide zero protection if your device is lost or stolen.
  • Set your screen to lock automatically after no more than 1–2 minutes of inactivity. The convenience cost is minimal; the security benefit is significant.
  • Enable MFA on your NCU account from your mobile device. The Microsoft Authenticator app (for NCU Microsoft accounts) provides push-notification MFA approval directly from your phone. If you haven't set up MFA yet, see: Setting Up Multi-Factor Authentication.
Email and apps for NCU work

Use the Outlook mobile app for NCU email

NCU recommends the Microsoft Outlook app (iOS and Android) as the primary email client on mobile devices. It supports full MFA, integrates with NCU's security policies, and includes the built-in ability to report phishing directly from your phone.

Avoid accessing NCU email through your device's built-in mail app. Built-in mail apps vary in how well they enforce MFA and security policies, and don't support the Report Phishing feature.

Be selective about what apps you install

  • Only install apps from the official App Store (iOS) or Google Play Store (Android). Third-party app sources don't have the same security review process and are a common malware vector.
  • Review app permissions before installing. An app that requests access to your contacts, microphone, location, or camera without a clear reason is a red flag.
  • Remove apps you no longer use. Unused apps still receive permissions and may still collect data. If you're not using it, delete it.
  • Don't click links in text messages or emails to install apps. Install from the app store directly, not from a link someone sent you.
Updates and app security

Keep your OS and apps updated — always

Mobile operating system updates frequently include critical security patches. Attackers actively target known vulnerabilities in older versions — an unpatched device is an easier target than a patched one, full stop.

Enable automatic updates for both your OS and your apps. If your device is too old to receive current OS updates, consider that it may no longer be appropriate for accessing university data.

Network and connection safety

Be cautious on public Wi-Fi

  • Prefer your cellular connection over public Wi-Fi when doing anything sensitive — email, file access, banking. Cellular is generally more secure than an unknown public network.
  • Use the NCU VPN when connecting to university systems on any network you don't control. Contact IT at 612.343.4170 for VPN setup help.
  • Disable Bluetooth when not in use. Bluetooth is a potential attack vector and a battery drain. Turn it off when you're not actively using a paired device.
  • Turn off auto-join for public networks. Your device auto-connecting to a known network name is exactly how rogue hotspot attacks work.
Lost or stolen devices

Set up Find My / Find My Device now

Before anything goes wrong, enable device tracking so you have options if it does.

  • iPhone/iPad: Settings → [Your Name] → Find My → Find My iPhone
  • Android: Settings → Security → Find My Device (or Google Find My Device)

If your device is lost or stolen

  1. Call IT immediately: 612.343.4170
  2. Change your NCU password from another device.
  3. Use Find My / Find My Device to locate or remotely wipe the device.
  4. Review and revoke active sessions in your Microsoft account at myaccount.microsoft.com.
  5. File a police report if the device was stolen.
Print Article

Related Articles (1)

What to Do if Your Account is Compromised
If you believe someone has unauthorized access to your NCU account, every minute counts. Learn the immediate steps to stop the damage, secure your account, and report the incident to IT.

Related Services / Offerings (1)

Report Information Security Incidents
If you suspect a potential security issue involving any private information—whether the information is on a computer, on paper, on the web, etc.—immediately report the details to IT.