Increasing Reports of Unencrypted Stolen Laptops

June 12, 2018
In the last few months our office has received an increasing number of laptop theft reports. These incidents occurred both on and off campus, and in varying circumstances, however in all the recent cases the laptops involved were not configured for Full Disk Encryption (FDE). In a few of these cases, the laptops were used to access sensitive data as part of campus business processes, and the Security team is concerned about possible data exposure due to lost and stolen devices with access to campus protected data. 

Campus Minimum Security Standard for Electronic Information (MSSEI) require strong encryption for Protection Level 2 data stored on laptops, mobile devices, and removable media: https://security.berkeley.edu/data-encryption-removable-media-guideline. Even in cases where the data is accessed but not “stored” on the device, data may be temporarily cached and could end up unintentionally written to disk. It can be very difficult after the fact to determine how much, if any, data remained on the mobile device, and therefore we strongly recommend that all mobile devices used to access PL2 data be configured with full disk encryption. This will significantly reduce the workload required to resolve these incidents, and also protect the end user if any of their own personal data remains on the device. 

Also, based on new best practice guidance, as well as policy changes coming from Office of the President, Full Disk Encryption is likely to be a future requirement: https://security.ucop.edu/policies/security-controls-everyone-all-devices.html

Here’s some additional tips for preventing and addressing laptop theft: https://security.berkeley.edu/resources/best-practices-how-articles/security-awareness/preventing-laptop-theft

Please continue to report lost and stolen laptops to security@berkeley.edu, and thanks for your help in securing our information assets.