
Research Data Management (RDM): Encryption

One stop shop for all things related to Research Data and how to manage your data throughout its entire lifecycle

Encryption

Encryption is the process of converting data into an unreadable code. Only those with the relevant password or decryption key are able to open the encrypted file.
It is recommended to encrypt sensitive data at all times. This applies regardless of whether data are being held on local storage, on network storage, or in the cloud.
Encryption will help ensure your data cannot be accessed by others should anyone attempt to access your files, for example if your laptop or other storage device were lost or stolen.
Generally, data encrypted with some software using an encryption key or passphrase/password can only be decrypted/converted back to its original form using the same method.


Basic principles 
• Applies an algorithm that makes a file unreadable 
• Needs a ‘key’ of some kind (passphrase and/or file) to decrypt

 

Encrypting Windows computers


Microsoft Windows comes in various versions. The most professional of these, "Enterprise", supports whole-disk encryption.
Earlier versions of Windows (Windows 7 and Windows 8) support encryption for the professional versions but not for "home" editions.
BitLocker drive encryption should be available on CDU ITMS-managed Windows computers. If your desktop or laptop doesn't have this, contact the CDU ITMS through LogIT.


BitLocker


BitLocker is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.

 

BitLocker prevents:

•    Offline Attack

BitLocker prevents the type of attack where a malicious user takes the hard drive from your computer and connects it to another computer so they can harvest your data.

•    LiveCD Attack

If a malicious user boots from an alternate operating system, either from a hard drive or from a removable device such as a LiveCD, the disk contents cannot be read.

•    End of Life Leakage

When you recycle or dispose of your computer, your data remains encrypted as long as you delete the encryption codes.


BitLocker does not protect ...

It is a misconception that your password unlocks BitLocker. Any valid user logging in to the computer decrypts the disk. To protect your computer, you have to make sure that all the users who may log in to it require passwords. Disable all guest login accounts on a BitLocker computer, otherwise hard disk encryption is of no use.
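Both conditions above (the disk is actually encrypted, and no account can sign in without a password) can be checked from an elevated PowerShell prompt. This is an added example, not part of the original guide or a CDU ITMS tool; it uses the built-in `Get-BitLockerVolume` and `Get-LocalUser` cmdlets, the function names are illustrative, and it assumes a Windows edition that ships the BitLocker module.

```powershell
#Requires -RunAsAdministrator
# Added example: report BitLocker state per volume and list enabled local
# accounts that are Guest or can sign in without a password.

function Get-DiskEncryptionReport {
    Get-BitLockerVolume | ForEach-Object {
        $types = @($_.KeyProtector | ForEach-Object { $_.KeyProtectorType })
        [pscustomobject]@{
            MountPoint          = $_.MountPoint
            VolumeStatus        = $_.VolumeStatus       # e.g. FullyEncrypted
            Protection          = $_.ProtectionStatus   # Off = not protecting (e.g. suspended)
            PercentDone         = $_.EncryptionPercentage
            KeyProtectors       = $types -join ', '
            HasRecoveryPassword = $types -contains 'RecoveryPassword'
            Compliant           = ($_.VolumeStatus -eq 'FullyEncrypted') -and
                                  ($_.ProtectionStatus -eq 'On')
        }
    }
}

function Get-RiskyLocalAccount {
    # Local accounts only; domain accounts are governed by domain policy.
    Get-LocalUser | Where-Object { $_.Enabled } | ForEach-Object {
        $isGuest = $_.SID.Value -match '-501$'   # 501 is the well-known Guest RID
        if ($isGuest -or -not $_.PasswordRequired) {
            [pscustomobject]@{
                Name             = $_.Name
                IsGuest          = $isGuest
                PasswordRequired = $_.PasswordRequired
            }
        }
    }
}

Get-DiskEncryptionReport | Format-Table -AutoSize

$risky = @(Get-RiskyLocalAccount)
if ($risky.Count -gt 0) {
    Write-Warning 'Enabled local accounts that weaken disk encryption:'
    $risky | Format-Table -AutoSize
}
```

A volume with `Compliant` set to `False`, or any row in the second table, is worth raising with whoever manages the device.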

 

Encrypting macOS devices 


CDU ITMS does not provide support and software for macOS devices.


If you conduct your research on macOS, see this Apple support article. You can create and locally store a recovery key, or from OS X 10.10.5 onwards store this key in your iCloud account.


Read more about protecting your Mac information with encryption in the macOS User Guide.

 

Important!


BitLocker-encrypted drives/volumes can't be accessed from non-Windows operating systems such as Linux or Mac, or older versions of Windows, including XP.


Encrypting an external drive or some removable media using a particular platform/operating system will likely tie it to that platform – for example, a drive encrypted with Windows BitLocker can't be unlocked and read on macOS.


If you forget or lose the password/passphrase used to encrypt a device in this way, data will not be retrievable.


ITMS can only provide support and assistance on devices provided and managed by CDU.

 

 

Recovery Mechanism

A forgotten or lost encryption passphrase or recovery key means you will permanently lose the ability to decrypt and access the encrypted data. For CDU ITMS-managed devices, recovery keys for Windows BitLocker can be managed by CDU ITMS. 


For non-CDU ITMS managed and personal devices, you should store encryption passphrases and recovery keys in a secure and accessible location or service, such as 1Password. CDU ITMS can provide the licence to 1Password upon request through LogIT, provided it is supported by your line manager or a supervisor. 

 

Passwords


• Strong passwords are crucial

• Avoid using weak or easy-to-guess passwords and reusing passwords

• Consider password managers, complex passwords or stringing words together to create stronger passwords

It is recommended that a password:

  • has at least eight characters;
  • contains three of: uppercase characters, lowercase characters, numbers, punctuation/special characters; and
  • does not contain or is not based on your CDU single sign-on password, account name, your name, or something that can be readily guessed.

• But, remember that you need to be able to remember the passwords!

Why does this matter?

No matter how good the encryption is that you used, if you use a weak password, the encryption will offer little protection.

A simple way to pick a resilient password that you can remember is to combine at least three or four random unrelated words of four letters or more. In general, the longer the password, the more secure it is.
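The recommended rules and the random-word approach above, written out as an added PowerShell example (not part of the original guide). The function names and the eight-word sample list are constructed for illustration; a real word list should contain thousands of words, which is what the `EntropyBits` figure makes visible.

```powershell
# Added example: check a candidate against the rules listed above and build
# a random-word passphrase from words of four letters or more.
function Test-PasswordRule {
    param([Parameter(Mandatory)][string]$Password,
          [string[]]$Forbidden = @())   # account name, your name, guessable strings
    $problems = @()
    if ($Password.Length -lt 8) { $problems += 'shorter than eight characters' }
    $classes = 0                        # -cmatch is case-sensitive
    foreach ($pattern in '[A-Z]', '[a-z]', '[0-9]', '[^A-Za-z0-9]') {
        if ($Password -cmatch $pattern) { $classes++ }
    }
    if ($classes -lt 3) { $problems += "only $classes of 4 character classes (need 3)" }
    foreach ($item in $Forbidden) {
        if ($item -and $Password.ToLower().Contains($item.ToLower())) {
            $problems += "contains '$item'"
        }
    }
    [pscustomobject]@{ Valid = ($problems.Count -eq 0); Problems = $problems }
}

function New-WordPassphrase {
    param([string[]]$WordList, [int]$Words = 4, [string]$Separator = '-')
    $pool = @($WordList | Where-Object { $_.Length -ge 4 } | Select-Object -Unique)
    if ($pool.Count -lt 2) { throw 'Word list needs at least two usable words.' }
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf = New-Object byte[] 4
    # A multiple of the pool size; draws at or above it are repeated so that
    # every word is equally likely (no modulo bias).
    $limit = [uint32]::MaxValue - ([uint32]::MaxValue % $pool.Count)
    $picked = for ($i = 0; $i -lt $Words; $i++) {
        do { $rng.GetBytes($buf); $n = [BitConverter]::ToUInt32($buf, 0) } while ($n -ge $limit)
        $pool[[int]($n % $pool.Count)]
    }
    [pscustomobject]@{
        Passphrase  = $picked -join $Separator
        EntropyBits = [math]::Round($Words * [math]::Log($pool.Count, 2), 1)
    }
}

# Constructed sample list, far too small for real use.
$sample = 'maple', 'cobalt', 'lantern', 'orbit', 'thimble', 'gravel', 'sonnet', 'walrus'
New-WordPassphrase -WordList $sample -Words 4
Test-PasswordRule -Password 'Maple-orbit-7' -Forbidden 'jsmith'
```

A passphrase of lowercase words joined by hyphens has only two character classes, so it needs a capital letter or a digit added before it satisfies the three-class rule.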


Charles Darwin University acknowledges the traditional custodians across the lands on which we live and work, and we pay our respects to Elders both past and present.