Computer Encryption

Encryption is a very important tool to safeguard protected and confidential data, but it needs to be installed and used with caution.

What is encryption?

Encryption is the process of scrambling data to make it unreadable to anyone who does not possess the proper key. When you encrypt an entire disk, all of the files on the computer are encrypted, including:

  • Operating system files
  • Application files
  • Data files
  • Swap files
  • Free space
  • Temp files

Successfully logging on to an encrypted computer unlocks the drive so that its files can be read. When you shut down your system, the drive is locked again. This means that when your device is powered off, your disk is protected against use by others.

Once you unlock a disk, its files are available to you AND anyone else who can physically use your system. If you leave your system unattended while the disk is unlocked, encryption does not protect your files.

Methods for encrypting your data

BitLocker and FileVault are the University-recommended methods for encrypting data stored on TU-owned computer systems, and they meet the University encryption requirements for computers in high-risk departments.

Encryption for Microsoft Windows: BitLocker

BitLocker is a feature of Windows that encrypts the disks on a computer to protect the data from unauthorized access, physical theft or loss.

BitLocker encrypts the entire hard drive and protects data when the computer is powered off or hibernating, and to a lesser degree when the computer is sleeping. Additionally, it protects files on your computer in the event that anyone tampers with the computer's startup process. Encrypting the entire Windows volume with BitLocker can help prevent others from seeing your files, even if your computer is stolen or a hard disk is removed.

BitLocker is available on the following versions of Windows:

  • Windows 7 Ultimate or Enterprise
  • Windows 8 Professional or Enterprise
  • Windows 10 Professional or Enterprise

Encryption for Mac: FileVault 

FileVault 2 is the native encryption software on Mac computers. When enabled, it encrypts all data stored on the computer’s hard disk. It uses full disk encryption with pre-boot authentication.

Users of Macs with FileVault enabled will see a login prompt shortly after powering on, before Mac OS loads. Once valid credentials are entered, the boot-up and decryption process will run. After logging out or shutting down, everything is encrypted and cannot be read without an authorized login.

The latest version of FileVault 2 is available on Mac OS X Lion (10.7) and newer.

Encryption on Towson University Computers

The Office of Technology Services (OTS) is responsible for desktop encryption on all computers in departments that are deemed high-risk. OTS will remotely install the appropriate encryption software and settings on high-risk faculty and staff computers following the processes below.

Note: The encryption process can be delayed for up to seven days. Faculty/staff can request an exemption from disk encryption by submitting a TechHelp service request to the Office of Information Security. 

Process for Windows & Macs

  1. OTS will notify the high-risk user in an email prior to deploying encryption software.
  2. A message will appear on the screen, prompting the start of the encryption process.
  3. The encryption process runs in the background and does not affect usage or performance of the computer.