InfoSec Blog - Mobile Device Encryption

Mobile Encryption

February 26, 2020

In an earlier blog post, I described the importance of encryption and the potential impact of not encrypting devices that hold sensitive University information (TL:DR; Encryption is an important security control and the extra effort dealing with a data breach is much more involved than simply ensuring your devices are properly encrypted in the first place!). 

 

Mobile Devices Need Encryption Too!

With more and more data being stored on our mobile devices, it is important to ensure that they are encrypted to ensure sensitive information doesn't fall into the wrong hands. If not properly protected, anyone who happens across (or steals!) your phone, tablet, or laptop can get access to your files. With proper access controls and encryption added, accessing that data becomes very, very difficult. 

 

How Do I Encrypt My Mobile Devices

Mobile device manufacturers recognize the need for data protection and have made it very easy to secure your device and your data. In some cases these features are enabled by default or part of the standard new device setup process. If you are unsure about the security of your mobile devices, the following information will help you enable encryption on your mobile devices, or to verify that it is already encrypted. 

iOS Phones and Tablets

Enabling encryption on an iOS device is as simple as setting a passcode or enabling TouchID or FaceID on the device. Open the Settings app and choose 'Touch ID and Passcode'. Once setup the data on that device is encrypted and protected which you can verify by seeing the text "Data Protection is Enabled" on the Passcode menu.

More information can be found here - https://support.apple.com/en-us/HT204060

Android Phones and Tablets

Some Android devices are encrypted by default, such as Google Pixel and Nexus devices. Enabling encryption is typically as simple turning on the feature within the 'Security' settings menu. However, due to the wide variety of devices running Android and number of supported Android versions, it is best to refer to the documentation provided for your specific device.

More information on Google Pixel and Nexus devices can be found here - https://support.google.com/pixelphone/answer/2844831?hl=en 

macOS Laptops

You can use FileVault to encrypt the information on your macOS laptop. FileVault encodes the data on your startup disk so that unauthorized users can’t access your information. To verify the encryption settings, open System Preferences, choose Security & Privacy, and then open the FileVault tab.

More information can be found here - https://support.apple.com/en-ca/guide/mac-help/mh11785/mac

Windows Laptops

Microsoft Windows 10 Education and above offers BitLocker encryption as part of the operating system. Click the Start button, then select Settings, Update & Security, and then Device encryption to verify if BitLocker encryption is available and enabled on your system.

More information can be found here - https://support.microsoft.com/en-ca/help/4028713/windows-10-turn-on-device-encryption

While you are enabling these features, also consider turning on device tracking and remote-wipe capabilities so that in the event of a lost or stolen device, you can either find it quickly or remotely remove all of your sensitive and personal data.

 

Data encryption is a vital part of our layered defense. Encrypting devices reduces the risk for the University and can save everyone a lot of time and headaches in the event of a lost or stolen device.

In all cases, it is important to notify Information Security (infosec@uoguelph.ca) as soon as you become aware that a University-owned device, or device with sensitive University data, has been lost or stolen.

 

Written by: Stephen Willem (Chief Information Security Officer)