Encryption is simple to implement and easy to use, with little or no inconvenience to the end-user. The instructions below will take you through the general encryption process; you must read the instructions carefully and complete all three steps in order to ensure that data is not put at risk.
When encrypting computers owned by the University it is strongly recommended that the encryption process is carried out by your local IT support team, or the IT Service Desk, who will ensure that appropriate back ups are made and that recovery keys are stored in a safe location.
|Step 1 - Preparation||
You should always maintain a recent backup of your important data to protect against unexpected data losses.
There is a slightly increased risk of data loss during the initial encryption process. Therefore it is essential that your important data is backed up before starting the encryption process and regular backups are maintained.
If you are not sure how to do this or would like some general advice on data management, contact your local IT support team or the IT Service Desk.
|Step 2 - Encryption||
The encryption tool chosen depends on the information being processed, how it is being processed and the technologies being used. The IT Service Desk can provide support to individuals that require advice or assistance with encryption on a case by case basis.
Protecting Your Computer
Where sensitive files will be stored on a portable computer, the whole computer should be encrypted. This is the most secure and user friendly way of working.
Compatible computers will be encrypted using BitLocker or FileVault 2, these encryption technologies are integrated with recent versions of Windows and Max OS X for a seamless user experience.
Protecting files and folders
To protect individual files, folders and removable media there are a variety of options, dependent on the work being done.
Protecting files sent by email
Sensitive information should not be sent by email without a consideration of the risks and, if necessary, encryption of the contents.
Protecting information in the cloud
This includes Dropbox, Microsoft Sky Drive, Apple iCloud and any external service that does not have a contract with the University of Sheffield. Encryption is not necessary for files stored in University Google Apps accounts but the advice is still relevant for personal accounts.
Mobile security & encryption
It is important that mobile devices such as smartphones and tablets are also protected. For further information please see the Mobile Security webpage.
For device specific encryption instructions please consult the website of your mobile device manufacturer or contact the IT Service Desk for assistance. Encryption can normally be enabled with just a few menu options.
By default, any iOS (iPad, iPhone) device will be encrypted if it has a PIN code or password enabled. More information can be seen on the Apple website: http://support.apple.com/kb/ht4175
|Step 3 - Managing passwords and recovery keys||
This step in the encryption process is essential and must not be skipped under any circumstances; when deployed properly the encryption mechanisms recommended above cannot be circumvented.
To ensure that data can be recovered in the event of unexpected incidents it is vital that a copy of the password or recovery key is kept in a safe place. For University owned IT equipment it is recommended that passwords and recovery keys are managed by local IT support teams.
Help and Support
The IT Service Desk will provide support to individuals that require advice relating to information security or assistance with encryption on a case by case basis.
We run tailored training sessions for local IT support staff that would like a demonstration of encryption techniques and other information security processes. For information please contact firstname.lastname@example.org