Using data protection and encryption to protect data on your iPhone


Explanation

Securing data on the device

Apple's iPhone implements 256-bit AES to protect all data on the device using hardware encryption.

If a passcode is set on the device (either a simple 4-digit passcode or a complex passcode), a feature called data protection provides additional automatic encryption of mail and mail attachments. Data in any apps that have implemented Apple's APIs for data protection will also be encrypted when a passcode is set. The data protection feature follows the principles of RFC 3394 and consists of a hardware component and a software component.

TIP: When configuring your passcode settings, consider disabling "Simple Passcode." Simple passcodes are 4-digit numbers and are much more susceptible to brute-force attacks. After disabling the Simple Passcode feature, choose a passcode that is longer than four characters. The longer or more complex the passcode, the less susceptible it is to hacking attempts.

NOTE: Consider enabling the "Erase Data" feature, which erases all data on the device after ten failed passcode attempts. Keep in mind that this may not be a good feature to enable if the device is used by young children, as they are more likely to enter an incorrect passcode while trying to access the device, which would result in complete loss of the device's data.

Securing backups

If your device is configured to back up data to iCloud, the data is encrypted during transmission over the Internet, while stored in iCloud, and when retrieved by using secure tokens.

If you back up your device to your computer, the data is not encrypted by default. You must enable encryption of your backups by configuring a setting in iTunes (Windows) or Finder (macOS).
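To confirm that the setting took effect, the following added example (not part of the original article and not an Apple tool) lists the local backups on a computer and reports whether each one is encrypted. It assumes the usual backup folder locations and that each backup's Manifest.plist carries an IsEncrypted flag and a Lockdown/DeviceName entry; the sample folder it builds is constructed for demonstration.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

# Usual backup locations (assumed, not stated in the article).
DEFAULT_ROOTS = [
    Path.home() / "Library/Application Support/MobileSync/Backup",     # macOS
    Path.home() / "AppData/Roaming/Apple Computer/MobileSync/Backup",  # Windows
    Path.home() / "Apple/MobileSync/Backup",  # Windows, Microsoft Store iTunes
]

def audit_backups(root):
    """Return (backup_folder, device_name, status) for each backup in root."""
    results = []
    root = Path(root)
    if not root.is_dir():
        return results
    for backup in sorted(p for p in root.iterdir() if p.is_dir()):
        try:
            with (backup / "Manifest.plist").open("rb") as fh:
                data = plistlib.load(fh)
            if not isinstance(data, dict):
                raise ValueError("unexpected plist layout")
        except (OSError, ValueError, ExpatError, plistlib.InvalidFileException):
            results.append((backup.name, None, "unreadable"))
            continue
        lockdown = data.get("Lockdown")
        name = lockdown.get("DeviceName") if isinstance(lockdown, dict) else None
        # Treat anything other than an explicit True as unencrypted.
        status = "encrypted" if data.get("IsEncrypted") is True else "UNENCRYPTED"
        results.append((backup.name, name, status))
    return results

def build_sample_root():
    """Create a constructed backup folder tree for demonstration."""
    root = Path(tempfile.mkdtemp(prefix="mobilesync-sample-"))
    samples = {"a-encrypted": True, "b-plain": False}
    for folder, encrypted in samples.items():
        (root / folder).mkdir()
        manifest = {"IsEncrypted": encrypted, "Lockdown": {"DeviceName": folder}}
        with (root / folder / "Manifest.plist").open("wb") as fh:
            plistlib.dump(manifest, fh)
    (root / "c-corrupt").mkdir()
    (root / "c-corrupt" / "Manifest.plist").write_bytes(b"not a plist")
    return root

if __name__ == "__main__":
    for root in [build_sample_root(), *DEFAULT_ROOTS]:
        for folder, name, status in audit_backups(root):
            print(f"{status:12} {name or '?':20} {root / folder}")
```

Any backup reported as UNENCRYPTED was made before encryption was enabled in iTunes or Finder, or with the setting turned off.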

Enabling remote wipe

If your device is ever lost or stolen, you can remotely erase all data on the device. However, this feature must be enabled ahead of time. If you sync your device with TechMail using the native Apple apps (Mail, Calendar, Contacts, Reminders, or Notes), your device is already configured for remote wipe and you can execute a remote wipe through Outlook on the web.

If you do not sync your device with TechMail using Apple's native apps, you can still get access to a remote wipe feature by enabling Find My iPhone. You can then remotely wipe the device using the "Find My" app on an iPhone, iPad, Mac, or Apple Watch; or using https://icloud.com from a web browser.