Device Encryption

November 16, 2018. ECU users enjoy the freedom of mobile devices and “anywhere access,” but data protection is still one of our most important responsibilities. We offer several available tools to help protect against data loss. One of those tools is device encryption.

Device encryption scrambles data files and renders them unreadable to everyone except an authorized user. Therefore, if your device is lost or stolen, your data is secure. This protects you, your files and any sensitive data you may be storing, possibly other users and the university.

The information on this page is for encrypting any type of data. See these guidelines for the specifics of sensitive data storage and protection, including storage approvals, file disposal and security.

ECU Devices

ECU-purchased MacBook laptops. FileVault 2 is enabled. See the Apple Support article, “Use FileVault to encrypt the startup disk on your Mac.”

ECU-purchased Windows laptops. Dell Encryption software is enabled. Recovery keys are managed through Dell Encryption.

You can also send the encryption service request to have encryption enabled for your Linux, Mac or Windows laptop.

Personal Devices

Important! The recovery keys for personal systems should NOT be saved on the same drive that is encrypted. Hardware changes, BIOS updates, and even some software updates can cause a lockout which will require the recovery key. If it is saved on the locked drive, you do not have access to it. Piratedrive is a secure choice for storing encryption keys as well as printing a copy and saving in a secure location.

Also important! It is a best practice to back up your data before applying encryption in case there is a failure during the process and data is lost.

BitLocker Drive Encryption. Included as part of Windows 7 Ultimate or Enterprise and Windows 8.1/10 Professional or Enterprise editions, BitLocker encrypts an entire drive. A drive can be password-protected, decrypted or BitLocker can be temporarily suspended at any time by the authorized user. See these Bitlocker resources from Microsoft.

Mac FileVault 2. Encryption is built-in. Available from the Security & Privacy pane of System Preferences. Click the FileVault tab in the pane to enable or disable FileVault. See this support article from Apple.

WinZip encryption software. WinZip compresses and encrypts files for sharing. The licensed version of WinZip Pro encrypts files using 256-bit AES encryption. WinZip Pro can be purchased from the WinZip website in single-user or multi-user licensing formats (ECU has no site license for this software).

External storage devices. Bitlocker To Go is available for Windows devices. Disk Utility encrypts external media on a Mac.

Mobile Devices

Submit the encryption service request to have encryption enabled for your Android, iOS or Windows tablet.

Personal mobile devices are encrypted if a PIN is enabled.

Storage Devices

Flash Drives. ITCS recommends Ironkey hardware-encrypted flashdrives for portable storage. If the flashdrive is lost, the data is protected by AES hardware encryption. Ironkey flash drives can be purchased through Staples.

Please Note: Flash drives from state contract vendors (Staples, Tiger Direct, CDWG, etc.) must be blank (without data pre-installed). To learn more about flash drives purchase guidelines, visit the Tech Purchasing website.

What About Email?

Email encryption is required when sending sensitive data OUTSIDE ECU. To learn how to send encrypted email, visit the Email Encryption service page.