By Dan Riddington-Young
From March, you will need any device encrypting before you can use it to connect.
University files should only be accessed using encrypted devices or via the remote desktop. All University-owned devices are encrypted before they are made available to staff to use. If you choose to use your own device to work on University files or access your outlook account (to receive your email and calendar alerts) you have a responsibility to make sure your device is encrypted.
From March, we will be ensuring that only secure devices can access University accounts by declining a connection for those which aren’t encrypted. You will still be able to use Outlook Web Access to see your calendar and receive and send email but if you choose to use an Outlook client or other app installed on your phone or tablet, you will need your device encrypting. Most devices running recently released operating systems can be encrypted (although not all of them, so you should check) – and encryption may not be possible on older devices. Some newer devices available (usually discounted tablets or phones sold online) use older operating systems which means they won’t be encryptable.
Why do I need to encrypt my device?
As an employee of Sheffield Hallam University, you have a responsibility to adhere to the IT and data security regulations. (See the policies and regulations documents). Hackers are increasingly targeting their victims using stolen mailing lists and automatic ‘Trojans’ – which can use University address lists or your email contacts to send malicious phishing emails to other staff. If staff receive an email purporting to be from someone they know, they are much more likely to be taken in by the scam. The University has an obligation to protect the personal data of staff and students which could be hacked via a non-University managed device. There is also a risk of confidential, business sensitive information falling into the wrong hands.
What is encryption?
Encryption is the process of encoding information in such a way that it can’t be read by unauthorised people. This means that if a thief or hacker tries to use your mobile device, they will not be able to access University files without knowing your pin code. It will also give similar protection to your personal emails and data which could be accessed from that device.
Why are your telling us this now? Enforced encryption won’t be happening until March?
We wanted to give you plenty of warning. It may take people a little while to get used to using encryption and the fact that they may need to access their accounts in a different way. We realise, too, that sometimes people think about asking for a tablet or mobile phone for Christmas and this might influence their choice of device. This also gives us an opportunity to remind staff about their obligation to keep University files and data safe. We will continue to remind you about this between now and March.
What will I need to do in March if I don’t have my device encrypted?
We will provide a way to encrypt your device if it meets the requirements You will simply need to download the settings which automatically enable the encryption software already installed on the device. This might take up to an hour and you will need to make sure your phone or tablet is backed up and fully charged up before you do that. You will not be able to use it at all while the download is taking place.