Frequently Asked Questions about Mobile Device Security

General Questions


General Questions

What constitutes High Risk Confidential Information (HRCI)?
High-Risk Confidential Information includes a person's name in conjunction with the person's Social Security, credit or debit card, individual financial account, driver's license, state ID, or passport number, or a name in conjunction with biometric information about the named individual. High-risk confidential information also includes human subject and personally identifiable medical information.

Is there anything I need to do to prepare for the security policy "push" to my mobile device?
No. HMS IT will be "pushing" out the security policies remotely.

When will my mobile device receive the new security policies?
Prior to the security policies being applied to your device, HMS IT will be sending you an email communication that will include the date your mobile device will remotely receive the new security policies.


What changes will I see once the security policies have been applied?
Your mobile device will ask you to input a password with a minimum password length of 4 characters. The password can be any combination of characters and numbers.

If I already have a PIN setup on my smartphone, what will happen when the HMS IT "pushes" the security policy to my mobile device?
If your pre-existing password meets the 4 character requirement, you should see no difference.

Once timed out, can my mobile device receive phone calls without entering a password each time?

Once timed out, can I place calls without entering a password each time?
Yes, although you will need to enable the outgoing call option if you are using a BlackBerry device. To do so:

  1. Go to Options > Security > General Settings.
  2. Change "Allow Outgoing Calls While Locked" to Yes.
  3. Save the changes.

To place a call when locked, push the trackwheel to display the additional option "Place Call". Select it and make the call as you normally would.

Will ActiveSync devices that do not support device-level encryption be permitted to connect to HMS Exchange?
Yes, devices that cannot support the policy will be allowed to connect. A new security policy is being created for these devices whereas it will require password only, no encryption.

Will personal devices (non-Harvard owned devices) be forced to accept the new security policies?
All mobile devices connecting directly to Harvard Medical School's Exchange email system will be required to receive the security policies.

If I forget my mobile device password, how can I have it reset?
If you use ActiveSync on a mobile device (i.e. iPhone, Android, PocketPC, Palm, Nokia) you can retrieve a password by:

  1. Logging into Outlook Web Access (
  2. Click on Options in the upper right corner.
  3. Click Mobile Devices from the left menu bar.

If you use a BlackBerry device, contact the HMS Information Technology Service Desk at (617) 432-2000 for further assistance in resetting your mobile device password.

How do I enable encryption on my BlackBerry device?

  1. Select the Options icon on your BlackBerry desktop screen
  2. Select Security Options
  3. Select General Settings
  4. Set "Content Protection" to Enabled
  5. For best performance, HMS IT recommends "Strength" set to Strong and "Include Contacts" set to No
  6. Click menu button and select Save Changes

Last updated October 4, 2013

Copyright 2014 by the President and Fellows of Harvard College.
Site Updated: 6/13/2014
IT Photo

more info