Computer Encryption
Encryption is a very important tool to safeguard protected and confidential data, but it needs to be installed and used with caution.
What is encryption?
Encryption is the process of scrambling data to make it unreadable to anyone who does not possess the proper key. When you encrypt an entire disk, all of the files on the computer are encrypted, including:
- Operating system files
- Application files
- Data files
- Swap files
- Free space
- Temp files
Successfully logging onto an encrypted computer can decrypt the drive. When you shut down your system, the drive is re-encrypted. This means that when your device is powered off, your disk is protected against use by others.
Once you unlock a disk, its files are available to you AND anyone else who can physically use your system. If you leave your system unattended, your files are not encrypted.
Data encryption methods
BitLocker (Windows) and FileVault (for Macs) are the University recommended methods for encrypting data stored on TU-owned computer systems, and they meet university encryption requirements for computers in high-risk departments. If you need help, contact the OTS Faculty/Staff Help Center or submit a TechHelp service request.
Encryption on TU computers
The Office of Technology Services (OTS) is responsible for desktop encryption on all computers in departments that are deemed high-risk. OTS will remotely install the appropriate encryption software and settings on high-risk faculty and staff computers following the processes below.
Note: The encryption process can be delayed for up to seven days. Faculty/staff can request an exemption from disk encryption by submitting a TechHelp service request to the Office of Information Security.
Process
- OTS will notify the high-risk user in an email prior to deploying encryption software.
- A message will appear on the screen, prompting start of the encryption process.
- The encryption process runs in the background and does not affect usage or performance of the computer.