What is encryption?
Encryption is defined by Wikipedia as a technology that protects information by converting it into unreadable code that cannot be deciphered easily by unauthorized people. Data security is of critical importance, and especially so with respect to laptops holding sensitive or confidential data. Laptops may be lost or stolen, leading to unauthorized or unintentional disclosure of the information stored on them.
Every day, staff and students across DIT rely on information to achieve their teaching & learning, research, and administrative goals. However, any data that can be considered personal to a living individual (such as name, address, grades, etc.) must be protected in accordance with the Data Protection Acts (1988, 2003). This tenet is reflected in the IT Security Policy, approved by SLT in 2010, which notes:
“… all personal or confidential information being taken for use by authorised staff outside the Institute must be encrypted using an Information Services-approved encryption service.”
Achieving compliance is a significant challenge given the proliferation of data across both DIT and personally-owned laptops, phones, and USB keys, as well as cloud storage solutions. However, the greatest risk of a data breach continues to be a lost or stolen laptop or phone that was not encrypted. Therefore, ICT Services has 3 solutions available to support encryption of DIT devices:
McAfee Endpoint Encryption: for DIT laptops running Windows
Apple FileVault: for DIT laptops running Apple OS X
Microsoft InTune: for DIT mobile phones and tablets running Android, iOS, and Windows
In addition, HEAnet Filesender provides a secure way to share large files with anyone.
Who can use this service?
To get your laptop computer encrypted, contact the Service Desk on 3123 or firstname.lastname@example.org. The process for encrypting a laptop could take up to one day, depending on the amount of data stored. The process involves first making a backup of the data and checking the hard drive for errors before installing the McAfee software. The laptop will run a little bit more slowly for the initial encryption of the hard drive. Thereafter, the impact on performance will be minimal. Laptops that are older than 5 years may have a more noticeable impact.
If you use a personally-owned laptop for DIT-related business then you still need to protect the data from loss or theft. Options to encrypt your laptop include Microsoft BitLocker and Apple FileVault. Whichever product you choose to use, make sure that it is a reputable product. Please note that ICT Services are unable to provide support for encryption on personally-owned laptops.
To get your DIT mobile phone or tablet encrypted, contact the Service Desk on 3123 or email@example.com to request access to the Microsoft InTune Mobile Device Management solution. Once you have been assigned a license, you can download the InTune app from the appropriate App store and encrypt your DIT mobile devices. Details on how to do this are available from the InTune installation guide below.
USB memory stick encryption
To be able to encrypt memory keys (USB sticks), you need to get the McAfee client installed on your PC. Contact the Service Desk on 3123 or firstname.lastname@example.org with details on the name of your computer so that the client can be pushed to your PC. Thereafter, each time you insert a key, you will be given a prompt to encrypt it. This is of benefit to colleagues who wish to encrypt a number of keys for sharing within their department. Further information is available from the McAfee USB key encryption installation guide. Please note it is not possible to recover data from a corrupted memory key, and files should never be stored on a USB stick only.
Office 2013 document encryption
Office 2013 or later (Word, Excel, PowerPoint, etc.) includes a facility for appropriately strong encryption of documents. This is a convenient way of sharing confidential documents over email or on shared folders. Please note that the encryption functionality in Office 2003 or earlier is easily broken and should therefore not be used for protecting documents. If you are running a version of Office earlier than 2013, then please contact the DIT Support Desk or your College IT Support service to request an upgrade.
What to do if your laptop or phone is missing:
Where devices storing DIT-owned data are lost or stolen, the DIT data security breach management guidelines must be followed in order to reduce the impact of the breach. This is regardless of whether the device is personally-owned or DIT property. For immediate steps on what to do if a device is lost or stolen, follow the procedure below: