To secure your cellular phones and campus data in compliance with UC Berkeley’s Electronic Information Security Policy, IS-3, encryption is now required for all campus-owned cellular devices and for cellular devices that access campus data. Encryption secures your device data in the event that it is lost or stolen. Once encrypted, data stored on the device cannot be accessed by anyone other than the device owner. If the passcode is forgotten or the device is lost/stolen, the device must be reset, which will erase all existing data and restores the device back to factory settings.

If you use your cellular device, either campus-owned or individually-owned, to access Protected Data, through any of the following, these policies apply to you:

1. Your berkeley.edu email
2. Your Berkeley Calendar
3. Your Berkeley Zoom account
4. Berkeley google docs, gSheets, etc.
5. Any campus system that contains employee or student data

This document provides steps to check if your device is IS-3 compliant and how to secure the device so that it is in compliance. The instructions are separated by device type: Apple and Android. Please note that some steps and/or wording may differ depending on your device and/or model. To check whether you have an Apple or Android device, click on the settings icon on your home screen. Then select General, then select About. This will give you the model number and the type of device you are using.

IS-3 also has the following additional requirements for all mobile devices that access campus systems or data. Be sure to adjust your settings for these, as well:

• The device must be set to lock after at least 15 minutes of inactivity (a shorter duration is even better).  This is in the “Display” settings for both iPhone/iPad and Android devices.
• Your OS and software/apps must be patched and up to date. Set your device and apps to update automatically, or manually apply updates as soon as they are available.  You can find the instructions to do this by going to Settings, Select General, then at the top select Software Update, if needed.
• A 6-digit PIN is the minimum allowed under IS-3 and the Minimum Security Standard for Networked Devices (MSSND). A longer passphrase is strongly recommended for mobile devices used to access or store Protected Data, including your work email. To fully secure all your devices, we recommend the longer passphrase.
• Immediately report lost/stolen work devices to both your supervisor and the Telecom Cellular Unit at wireless@berkeley.edu

 

The following information applies to all cellular devices and tablets, regardless of make or model:

1. NOTE: If your PIN/Password is lost while the device is powered off, the device can only be recovered by a factory reset. You will lose all locally stored data and configuration setup.
2. You must enable ‘lock screen’ before your phone will allow encryption to be turned on.
3. Too many failed attempts when entering a passcode will lock the phone completely. Please make sure you use a passcode that is easy to remember and unique on the device.
4. The steps outlined below may be slightly different on your device or software version.  If you have any questions, look at the vendor’s page or send email to wireless@berkeley.edu and we will help you.

 

Apple iPhone/iPad

Recovery of a locked device is done through your Apple account.  

Secure your device with a passcode and encrypt the data:

1. Go to Settings, select Touch ID & Passcode screen (or Face ID and Passcode on newer models).
2. Select “Turn Passcode On” if not enabled already.
3. Select “Passcode options” to choose a custom numeric or alphanumeric code.  Or choose Face ID and bring the phone to your face for the identification.
4. Confirm your device is encrypted by scrolling to the bottom of the Settings, select Touch ID & Passcode screen. You should see the “Data protection is enabled” message.  iPhone data is encrypted by default.

 

Android - Phone/Tablet

Recovery of a locked device is done through your Google account.  To fully secure your device, do the steps in both the ‘passcode’ and ‘encryption’ sections below.

Secure your device with a passcode:

1. Open the system settings menu. This is often done by pressing the menu button on the device from the home screen and selecting settings.
2. Find and Open the Security menu. On older phones it will be called Location & security
3. Select Screen Lock. On older devices it will be called Configure lock screen
4. Select either PIN or Password or Face ID unlock
5. Adjust the idle time before the screen locks
   • Under ‘Device Security’
   • Tap the configuration gear to the right of the Screen Lock option
   • Tap the ‘Lock after screen timeout’ option
   • Select the time you are comfortable with (15 min max)

Encrypt your device:

Once started the encryption process must not be interrupted or data loss will result.

1. Find a time when you will not need your device for an hour or two.
2. Charge your device and leave it plugged in for the procedure
3. Open the system settings menu. This is often done by pressing the menu button on the device from the home screen and selecting settings.
4. Find and Open the Security menu. On older phones it will be called Location & security
5. Tap Encrypt phone/tablet (it may be under ‘Advanced’)
6. Make sure the phone is charged, plugged in, and a PIN/Password has been set.
7. Tap Encrypt phone/tablet. Tap Encrypt phone/tablet on the next warning screen as well
8. After the process is complete reboot the phone if it did not do so itself. After reboot, if you are prompted to enter your PIN/Password, then you know your phone data has been encrypted and your phone is secured.

To encrypt a Micro SD card in your phone or tablet:

1. Go to the Settings button
2. Select Device then Security
3. Scroll down to Encrypt SD card
4. Encrypt SD card

All data stored on the SD card will be encrypted; however, the information stored on the card cannot be accessed on any other device. To use the card in another device, it must first be decrypted on the same device it was encrypted on.

If the SD card is encrypted, and the device is factory reset, the device will no longer be able to read the encrypted SD card. If possible, decrypt the SD card before performing a reset, otherwise, you will lose access to all data stored on the card (which is ideal if lost/stolen).

 

We thank you for taking the appropriate steps to keep the University devices and data safe, private, and secure.  Questions?  Send email to wireless@berkeley.edu