Encryption is the process of making data unreadable by other humans or computers in order to prevent unauthorized people from gaining access to its contents. Encryption converts all of the data stored on your computer, USB drive, or even mobile device into a form that can only be read with the correct password or key. Once the data is encrypted, it can’t be read without first decrypting the information using a unique key or password.
You should always encrypt the following University information according to the Data Classification Standards:
- Financial information.
- Confidential departmental information.
- Student records.
- Exam results.
- Research work & any other sensitive information.
You should also always encrypt the following personal information:
- Financial data.
- Tax returns.
- Photos and videos.
Warning: If you choose to encrypt your files, make sure to have good backups of them before proceeding. Also ensure that you save any decryption passwords or keys in a very safe location. If you lose these, it is absolutely impossible for anyone (including ITS) to decrypt your data. DO NOT encrypt files that are stored on Network Shares or SharePoint. Only encrypt files when transferring them on USB drives or when emailing sensitive information.
Why should I care?
You may not realize it, but once you click on the send button in your email client, email can be opened by unauthorized people if that email ends up in the wrong hands. If you send email with sensitive data and accidentally add some unintended recipients, it can be opened by someone else who should not have it.
What should I do?
Encryption and file password protection are not 100% foolproof, but they are better than leaving your files out in the open. You should password protect your sensitive files before sending them via email outside campus or copying them to portable hard drives, laptops, or tablets. You can make a copy of the original file, give it a new name, password protect it, then email it to the recipient or save it on removable storage like a USB key. If you are sending a file via email, you should communicate the password by another method, such as a phone call. You should enable a PIN or passcode on your mobile device to keep your device secure, and you can force encryption on your mobile device.
If you require additional information on how to password protect your sensitive data or want to learn more about encryption, please contact the service desk at x4357 or email us at itsecurity@brocku.ca.
Microsoft Windows Encryption Tools
BitLocker Drive Encryption is an integral built-in security feature in the Windows Operating System that helps protect data stored on fixed and removable data drives and the operating system drive. BitLocker can encrypt your entire hard drive so that it can only be used by either knowing the password or by having a USB key that contains the file that can unlock the encrypted drive. This technology is very valuable when used for portable devices like laptops. If the laptop is lost or stolen, it is impossible for anyone to access the information on the computer without knowing the password.
Please note that you must have a USB flash drive with the recovery key and the recovery password in order to recover BitLocker encrypted data.
Warning: If you choose to encrypt your files, make sure to have good backups of them before proceeding. Also ensure that you save any decryption passwords or keys in a very safe location. If you lose these, it is absolutely impossible for anyone (including ITS) to decrypt your data.
Microsoft Office Products (Word, Excel and PowerPoint) allow you to help prevent other people from opening or modifying your documents, workbooks, and presentations by encrypting documents with a password.
7-Zip is open source software for the Microsoft Windows Operating System that is used to compress (zip) files and secure them with encryption. When you send files that contain sensitive information or other confidential data, the files must be encrypted to ensure they are protected from unauthorized disclosure.
How to use 7-Zip to encrypt files or folders:
- When sending .zip files, your email client may block the attachment by design. Please rename the file from .zip to .file and let the recipient know to rename the file back to .zip upon receiving it. Also, please communicate the password for the encrypted file to the recipient by phone call.
Apple Mac OSX Encryption Tools
FileVault is the technology that Apple offers to encrypt the files on your hard drive. After encrypting those files with a sufficiently strong algorithm, it’s technologically unfeasible to access them using any conventional means.
Please note if you lose or forget both your OS X account password and your FileVault recovery key, you won’t be able to log in to your Mac or access the data on your startup disk.
Mac OSX Disk Utility can be used to create a password-protected (encrypted) disk image.
Mac OSX Built-in Utility can be used to encrypt sensitive information as well.
Warning: If you choose to encrypt your home directory, make sure to have good backups of your home directory files before proceeding. Also ensure that you save any decryption passwords or keys in a very safe location. If you lose these, it is absolutely impossible for anyone (including ITS) to decrypt your data.
Microsoft Office Products (Word, Excel and PowerPoint) allow you to protect a sensitive or confidential document by using a password to help prevent others from changing or even opening your document. Please click on the links to find more information on how to add or remove protection in your Document, Workbook, or Presentation.
Keka is a free file archiver for Mac OS X that allows files to be password protected.
Please note that when sending .zip files, your email client may block the attachment by design. Please rename the file from .zip to .file and let the recipient know to rename the file back to .zip upon receiving it. Also, please communicate the password for the encrypted file to the recipient by phone call.
Linux Encryption Tools
Most distributions of Linux require that full disk encryption be done during the initial installation. If that is not an option, you can still encrypt your home directory which will protect most, if not all of the confidential information you might have, since almost all files that you use are stored in your home directory.
Please note though, with the many distributions of Linux, each with multiple versions, you should ensure that any online guide you use is for the correct distribution and version of your particular Linux distribution.
In general, most distributions of Linux (Ubuntu, Fedora, Arch, CentOS, etc.) have a facility called eCryptFS which allows you to convert your home directory into an encrypted version.
Warning: If you choose to encrypt your home directory, make sure to have good backups of your home directory files before proceeding. Also ensure that you save any decryption passwords or keys in a very safe location. If you lose these, it is absolutely impossible for anyone (including ITS) to decrypt your data.
Most graphical file managers in distributions of Linux include the ability to create encrypted zip files using a password. In general:
- Select the files you wish to put into an encrypted zip file.
- Right click and select a menu option like Compress.
- Make sure to select zip as the type of file.
- There will usually be Additional Options or Other Options. Select this to be able to specify a password for the zip file.
Please note that when sending .zip files, the recipient’s email system may block zip attachments by design. Please rename the file from .zip to .file and let the recipient know to rename the file back to .zip upon receiving it. Also, please communicate the password for the encrypted file to the recipient by a phone call.
On many distributions of Linux you can install a utility called CryptKeeper. This allows you to create a specific directory, or directories, which will have their contents automatically encrypted. Note that this will only apply to those specific directories that you create with CryptKeeper and will not encrypt your files outside of these directories. Encrypting your entire hard drive or home directory is still the best method of encrypting data as you don’t need to specifically store sensitive files and documents in a special directory.
Apple iOS Encryption Tools
iOS Mobile Devices (iPhone and iPads) have built in encryption mechanisms. Data protection enhances the built-in hardware encryption by protecting the hardware encryption keys with your passcode. This provides an additional layer of protection for your email messages attachments, and third-party applications.
Warning: If you choose to encrypt your files, make sure to have good backups of them before proceeding. Also ensure that you save any decryption passwords or keys in a very safe location. If you lose these, it is absolutely impossible for anyone (including ITS) to decrypt your data.
Pages for iOS allows you to assign a password to a document so that only those who know the password can open the document.
Numbers for iOS allows you to assign a password to a spreadsheet so only those who know the password can open, read, or edit a copy of the spreadsheet.
Android Encryption Tools
Android Mobile Devices use dm-crypt, which is the standard disk encryption system in the Linux kernel. It’s the same technology used by a variety of Linux distributions. When you enter your PIN, password, or pattern on the lock screen, your phone decrypts the data, making it understandable. If someone doesn’t know the encryption PIN or password, they can’t access your data. To encrypt your mobile Android device, just go to settings – security – encrypt device.
Warning: If you choose to encrypt your files, make sure to have good backups of them before proceeding. Also ensure that you save any decryption passwords or keys in a very safe location. If you lose these, it is absolutely impossible for anyone (including ITS) to decrypt your data.
File Locker allows you to lock any file using a password and secure access to it.