Encrypt Stored Data
See the Device Encryption Standard in the University's Information Security policy for specific requirements that you must follow. Practice Safe Computing has information about encryption on the Enable Security Features on Your Device and Use Your Device Securely pages.
Select an Encryption Product
Built into the Operating System
Operating System | Product | Website | Notes |
---|---|---|---|
Macintosh | FileVault | | Full disk and folder encryption for Mac OS X or macOS. Note: Company administrators can set up a computer-wide master password as a safeguard in the event someone forgets their login password. |
Unix | LUKS | | Full disk and folder encryption for various Linux versions (e.g., RedHat, Fedora, CentOS, Debian, Ubuntu, and more) |
Windows | BitLocker | https://docs.microsoft.com/en-us/windows/device-security/bitlocker/bitlocker-overview | Full disk encryption for OS version 7 and higher |
Other Tools
When using vendor or open-source software, download the software from a reputable site and periodically check the vendor web site for security patches or updates that must be applied.
Note: Encryption of HIPAA data or ePHI requires a FIPS 140-2 certified application.
Products | Options | Website | Notes |
---|---|---|---|
Box Secure Storage | University provided | https://it.umn.edu/technology/box-secure-storage | Recommended for any user. Meets the requirement for encryption of HIPAA data or ePHI as a FIPS 140-2 certified application. |
7-Zip | University provided | http://www.7-zip.org/ | Available for University computers via SCCM |
Kingston DataTraveler Locker - USB Flash Drive | Purchase | http://www.kingston.com/us/usb/encrypted_security | Check that the USB drive supports the level of encryption needed for the type of data stored. |
GNU Privacy Guard (open source version of PGP) | Free | https://www.gnupg.org/ | File and folder encryption. With the Windows Privacy Tray for GnuPG, this allows for easy encryption, decryption and file shredding options. See http://www.gpg4win.org/. More complex solution. |
PGP commercial | Purchase | http://www.pgp.com/products/desktop/index.html | File, folder, whole disk or virtual disk encryption. Includes a feature to securely wipe or shred individual files. More complex solution. |
Important Reminders
- Read about the encryption product. Understand how to configure the software, where to store the keys and what is encrypted. Many products do NOT encrypt the files when they are emailed or saved to external media.
- Encryption of HIPAA data or ePHI requires a FIPS 140-2 certified application.
- Download encryption software from reputable company Web sites. Some vendor encryption products have been known to install a backdoor for hackers, adware, spyware or viruses.
- Check the vendor web site for security patches or updates that must be applied.
- Periodically check that the encryption feature on the device is still enabled, especially before saving private data on the device.
- Encryption is dependent on using a strong password (or passphrase), protecting the password (or passphrase), and using a screen lock with authentication.
- Encryption generally works on data at rest. When the system is unlocked, the encryption feature is generally not activated.
- All encrypted data can be permanently lost if you forget the encryption password (or passphrase). If you decide to save them, decryption keys should be locked in a safe location.
- Do not decrypt a file and store it in a temporary file someplace. If this occurs, be sure to securely wipe/erase the temporary file from disk.
- Consider setting up a secure folder or disk partition on the computer for storing private data.
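
One way to automate the periodic check that encryption is still enabled, for the three built-in products listed above. This is an added example, not University-provided code: the function names are hypothetical, the sample strings are constructed, and it assumes English-locale output from `fdesetup status`, `lsblk -P -o NAME,FSTYPE` and `manage-bde -status`.

```python
import platform
import re
import subprocess

# Constructed sample outputs (English locale) so the parsers can be tried offline.
SAMPLE_FDESETUP = "FileVault is On.\n"
SAMPLE_LSBLK = 'NAME="sda1" FSTYPE="vfat"\nNAME="sda2" FSTYPE="crypto_LUKS"\n'
SAMPLE_MANAGE_BDE = ("Volume C: [Windows]\n"
                     "    Protection Status:    Protection On\n"
                     "Volume D: [Data]\n"
                     "    Protection Status:    Protection Off\n")

def filevault_on(text):
    """True if `fdesetup status` output reports FileVault as enabled."""
    return text.strip().startswith("FileVault is On")

def luks_containers(text):
    """Names of block devices that `lsblk -P -o NAME,FSTYPE` marks as LUKS."""
    return re.findall(r'NAME="([^"]+)" FSTYPE="crypto_LUKS"', text)

def bitlocker_protection(text):
    """Map each volume in `manage-bde -status` output to True if protection is on."""
    status, volume = {}, None
    for line in text.splitlines():
        m = re.match(r"Volume (\w:)", line.strip())
        if m:
            volume = m.group(1)
        elif volume and line.strip().startswith("Protection Status:"):
            status[volume] = line.strip().endswith("Protection On")
    return status

def check_this_machine():
    """Run the platform's own status tool and return (ok, detail)."""
    run = lambda *cmd: subprocess.run(cmd, capture_output=True, text=True).stdout
    system = platform.system()
    if system == "Darwin":
        out = run("fdesetup", "status")
        return filevault_on(out), out.strip()
    if system == "Linux":
        found = luks_containers(run("lsblk", "-P", "-o", "NAME,FSTYPE"))
        return bool(found), "LUKS containers: " + (", ".join(found) or "none")
    if system == "Windows":  # manage-bde needs an elevated prompt
        vols = bitlocker_protection(run("manage-bde", "-status"))
        return bool(vols) and all(vols.values()), str(vols)
    return False, "unsupported platform: " + system

if __name__ == "__main__":
    ok, detail = check_this_machine()
    print("encryption enabled" if ok else "ENCRYPTION NOT CONFIRMED", "-", detail)
```

On Linux this only confirms that a LUKS container exists; it does not prove that every partition holding private data sits inside one.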