Encryption - Information Security

We all need to take the security of information very seriously. There have been numerous reports in the media of confidential data such as personal records being 'lost' through loss or theft of laptops or backup drives.

The security of confidential information is the responsibility of the individual member of staff or student NOT the University itself, nor the line manager or Head of Department.

What is encryption?

Encryption converts data into a coded form that cannot be read without knowing a password or phrase, sometimes known as the encryption key. Remember that the protection provided by encryption is only as strong as the password used. The longer and more complex the password is, the stronger the protection. We offer comprehensive advice on creating secure and memorable passwords.

If you need to share encrypted documents with others, then you will need to tell them the password. Sharing the password by telephone or text after verifying you are communicating with the right person is ideal. Never send passwords by email.

Be aware that modern encryption techniques are virtually unbreakable so it is just as important to secure the original document on a network drive as it is to ensure only an encrypted copy is placed on a portable device or the hard disk of a desk computer.

What software can I use to encrypt my data?
If you are using Windows 7 you can quickly and easily protect your files using BitLocker, as detailed below. If you do not have Windows 7 or later, you can use Axcrypt.

University MWS laptop encryption - SecureDoc

All laptops purchased through the University PC Scheme will have encryption applied to the hard drive of the machine, as standard.

This means that if a University laptop is lost or stolen, any data that has been stored on the hard drive of the laptop cannot be accessed by unauthorised users, even by removing the hard drive, helping staff to protect important and sensitive data from accidental or malicious loss or damage.

You will not notice any difference when using your laptop. Staff who log on with a valid University account will be able to work as normal. There are just two visible differences to show an encrypted laptop: the icon for the C: drive depicts a padlock to indicate that the hard drive is encrypted; and some additional software called SecureDoc, which is installed as part of applying the encryption.

If you have a University MWS laptop and want to apply encryption, step-by-step online instructions are available.

BitLocker for external media

When using MWS Windows 7 or later, you can use Bitlocker to encrypt the data on external devices such as USB pens.

BitLocker is very easy to use and the encrypted data can be decrypted on other Windows machines.

You can turn BitLocker off for an external drive/USB stick at any time as well, either temporarily by suspending it, or permanently by decrypting the drive.

Turning Bitlocker on:

On an MWS laptop with SecureDoc encryption installed:

  1. Open File Explorer
  2. Right click on the name of the external drive and select Turn on Bitlocker.
  3. Follow the instructions in the on-screen wizard.

If you are using a non MWS machine, turn on Bitlocker by completing the steps below: 

  1. Open Bitlocker Drive Encryption by clicking the Start button, then Control Panel and then click Bitlocker Drive Encryption.
  2. Click Turn On BitLocker. This opens the BitLocker setup wizard. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  3. Follow the instructions in the wizard.

To turn off or temporarily suspend Bitlocker:

  1. Open Bitlocker Drive Encryption by clicking the Start button, clicking Control Panel and then clicking Bitlocker Drive Encryption.
  2. Do one of the following:
  3. To temporarily suspend BitLocker, click Suspend Protection, and then click Yes.
  4. To turn off BitLocker and decrypt the drive, click Turn Off BitLocker, and then click Decrypt Drive.

Using Axcrypt

Axcrypt allows the encryption of individual files. Once installed, an additional context menu is available in Windows Explorer that allows files and folders to be encrypted (and decrypted) with a key or a passphrase. 

It also has the added benefit of allowing “delete and shred” option of data thereby preventing deleted data from being recovered from the recycle bin etc.

Axcrypt will work on networked drives such as the M drive etc and it also has the added benefit of allowing “delete and shred” option of data thereby preventing deleted data from being recovered from the recycle bin etc. 

You can install AXCrypt from Install University Applications on the Managed Windows Service.