Encrypt Stored Data

See the Device Encryption Standard in the University's Information Security policy for specific requirements that you must follow. Practice Safe Computing has information about encryption on Enable Security Features on Your Device and Use Your Device Securely pages.

Select an Encryption Product

Built-in the Operating System

Operating System Product Website Notes

Macintosh

File Vault

https://support.apple.com/en-us/HT204837

Full disk and folder encryption for Mac OS X or macOS.

Note: Company administrators can set up a computer-wide master password as a safeguard in the event someone forgets their login password.

Unix

LUKS

https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup

Full disk and folder encryption for various Linux versions (e.g., RedHat, Fedora, CentOS, Debian, Ubuntu, and more)

Windows

BitLocker 

https://docs.microsoft.com/en-us/windows/device-security/bitlocker/bitlocker-overview

Full disk encryption for OS version 7 and higher

Check out Lynda.com and search for online training videos for Bitlocker, File Vault, and LUKS.

Other Tools

When using vendor or oepn-source software, download the software from a reputable site and periodically check the vendor web site for security patches or updates that must be applied. 

Note: Encryption of HIPAA data or ePHI requires a FIPS140-2 certified application.

Products Options Website Notes
Box Secure Storage University provided https://it.umn.edu/technology/box-secure-storage Recommended for any user. Meets encryption of HIPAA data or ePHI requirement as 140-2 certified application.
7-Zip University provided http://www.7-zip.org/ Available for University computers via SCCM
Kingston DataTraveler Locker -USB Flash Drive Purchase http://www.kingston.com/us/usb/encrypted_security
Check that the USB drive supports the level of encryption needed for the type of data stored.
GNU Privacy Guard (open source version of PGP) Free https://www.gnupg.org/ File and folder encryption
With the Windows Privacy Tray for GnuPG, this allows for easy encryption, decryption and file shredding options. See http://www.gpg4win.org/. More complex solution.
PGP commercial Purchase http://www.pgp.com/products/desktop/index.html File, folder, whole disk or virtual disk encryption. Includes a feature to securely wipe or shred individual files. More complex solution.

Important Reminders

  • Read about the encryption product.  Understand how to configure the software, where to store the keys and what is encrypted. Many products do NOT encrypt the files when they are emailed or saved to external media.
  • Encryption of HIPAA data or ePHI requires a FIPS140-2 certified application.
  • Download encryption software from reputable company Web sites. Some vendor encryption products have been known to install a backdoor for hackers, adware, spyware or viruses.
  • Check vendor web site for security patches or updates that must be applied.
  • Periodically check that the encryption feature on the device is still enabled, especially before saving private data on the device.
  • Encryption is dependent on using a strong password (or passphrase), protecting the password (or passphrase), and using a screen lock with authentication.
  • Encryption generally works on data at rest. When the system is unlocked, encryption feature is generally not activated.
  • All encrypted data can be permanently lost if you forget the encryption password (or passphrase). If you decide to save them, decryption key should be locked in a a safe location.
  • Do not decrypt a file and store in a temporary file someplace. If this occurs, be sure to securely wipe/erase the temporary file from disk.
  • Consider setting up a secure folder or disk partition on the computer for storing private data.