Encrypt devices and data

This is an essential security practice.

In general, the University advises against storing sensitive University information on your computer. However, if you must store sensitive University information, you must encrypt it to ensure its confidentiality. Anyone who gains access to your computer or storage device—even an unauthorized user—is able to view, copy, or modify unencrypted sensitive information. Encrypting sensitive files will help you control who can view or use the files.

Encryption scrambles the file itself, rendering it meaningless on its own. The file only becomes meaningful when it is decrypted, which requires the correct password or key. Unauthorized users will still be able to copy encrypted files, but they will not be able to open or view them without the password or key.

Requirements

Faculty and staff should discuss encryption with their unit head or local support provider to find out what their unit's encryption requirements and plans are.

  • Encrypt University information according to your unit's encryption plan and using a strong password or key.
  • Encrypt any sensitive University information at rest on electronic storage media.
  • Encrypt portable IT devices (laptops, smartphones, tablets, and removable storage media such as external hard drives or USB flash drives) with whole disk encryption.
  • Provide copies of your encryption passwords or keys to the unit for escrow so that the encrypted information can be decrypted if you are unable to decrypt it yourself.
  • Use a VPN to create encrypted connections to IT resources.
  • Ensure that sensitive University information is encrypted prior to transmitting it electronically. Use encrypted transmission protocols if it is not possible to encrypt sensitive University information prior to transmitting or receiving it.
  • Do not store or share encryption passwords or keys in a way that identifies the files they protect. If you need to share an encryption key with someone else, use a separate channel from the one you used to send the file (e.g., share the file as an attachment and the password over the phone).

General guidelines

  • Do not store sensitive information on your computer or electronic devices unless it is necessary to do so.
  • Encrypt all sensitive information that you must store.
  • Use a password that is complex and difficult to guess. Encryption only works so long as the password is kept secure.
  • If your device offers whole disk encryption, enable it to protect all of your information.
  • Some encryption software leaves unencrypted versions of files on your device. Be sure to securely erase these files to ensure that the unencrypted information is not recoverable.

External resources

Encrypting Personally Identifiable Information (UD IT help file)
Explains the tools approved for encrypting University information. Be aware that your unit may have different encryption requirements or practices.

Encryption Explained (Indiana University)
Introduces the basics of encryption and provides a look at what other universities are requiring.

Reasons to Encrypt Your Data (Kaspersky Lab)
Explains why encryption is important, even if you don't think you have any information worth encrypting.