Mobile Device Encryption Policy
President Gogue signed the Mobile Device Encryption Policy on October 6, 2015. This policy is in response to the university’s insurance company. Effective October 1st, Auburn University’s insurance provider stated that they would no longer cover damages resulting from compromised data on unencrypted mobile devices. The average cost of a data breach was estimated at $3.79 million last year. Auburn had two data breaches in the last 12 months.
Please find the policy at:
I strongly encourage you to read this policy as it does not only affect university-owned but also personal mobile devices if they access or store university data.
What devices need to be encrypted?
The policy states that all portable devices need to be encrypted. The list includes laptops, notebook computers, tablets, smart phones and other easily portable devices. It also covers portable storage devices, such as thumb drives (aka, jump drives, USB drives, USB sticks, flash drive, pen drive), CDs and DVDs, and external hard drives. If anyone is still using floppy or zip disks, these also fall under this policy.
How will I encrypt my mobile devices?
CLA IT will work with CLA faculty and staff to secure and encrypt all university-owned mobile computing and storage devices. CLA IT will also provide assistance with encrypting personally owned storage devices and computing devices that may be affected by this policy. Please pay close attention to the instructions coming from CLA IT that will include meeting with individual employees and general instructions for encryption. The good news is that iOS devices are already encrypted; we just need to ensure that you have a pass code on the device; laptops are easily encrypted (though it will take some time); Android and Windows phones may need some extra work; and portable storage is also easily encrypted (though there are a couple of pitfalls).
Why do we need to worry about encryption?
Encryption on our mobile devices ensures that data accessed and stored cannot be retrieved if the device is stolen or lost, and it also makes it very difficult to retrieve data that is sent over these devices via wireless networks. Much of university data is confidential in nature, be it student records, research data, or administrative information. The university has to ensure that this data is protected, and over the last few years, this kind of protection has become more and more complex – but failure to protect is very expensive!
How can I get started?
The university IT community is working on a number of different processes to make the encryption of mobile devices as painless and non-disruptive as possible.
Step 1: from your end, secure your smartphone and/or tablet. If you have not added a pass code to your phone or tablet, please do so now.
Step 2: think about the mobile storage devices you are using, what kind of data you have on them (does any of that data fall under university data?) and know where these devices are.
Step 3: be ready when CLA IT asks to continue with encryption.
Keep Calm and Encrypt!
Content release date: Friday, October 09, 2015