How do I encrypt my data? (Interim)

Overview

Encryption encodes information in such a way that unauthorized parties should be unable to read it. This helps to prevent compromises to the confidentiality and integrity of your data and is a part of robust, multi-layered security approach. Whether it is a compromised desktop, or a lost mobile or storage devices, encryption ensures that your data remains accessible to only you and your team.

What you can do

  1. Determine your research data’s classification: Data classification
    • Level 3 and level 4 data must be stored on a secure server or must be encrypted at rest on a laptop, mobile device, or removeable storage.
  2. Enable or install full-disk encryption packages based on your Operating System:
    • Windows (institutionally managed): Bitlocker.
      • Pre-installed but might need to be enabled.
      • Contact your Local IT group.
    • Windows (self-managed): Bitlocker.
    • MacOS: Filevault.
    • Linux: Various options; distribution dependent.
    • Android: File-based encryption by default when lock screen enabled.
    • iOS: File-based encryption by default when lock screen enabled.
    • Cross-platform: Various options.
      • Contact your Local IT group for assistance managing encryption through other third-party options.
      • Common solutions include VeraCrypt.
  3. Encrypt at the file or folder level (Note: ZIP files can be transferred across platforms):
  4. Use a self-encrypting device (SED) to supplement full-disk or file level encryption:
    • Servers: If possible, order SED storage drives and motherboards supporting Trusted Platform Module (TPM).
    • External Drive examples: IronKey Vault Privacy 80 External SSD or Samsung T7
    • USB Key examples: Kingston IronKey Locker+ 50
  5. Contact your Local IT group for assistance or other available solutions.