DCU Encryption
Encryption
Encryption is the process of converting data into a cypher or code in order to prevent unauthorised access. As part of the DCU Data Handling Guidelines all DCU owned laptops and mobile devices must be encrypted.
DCU use BitLocker Drive Encryption as a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.
BitLocker provides the maximum protection when used with a Trusted Platform Module (TPM) version 1.2 or later versions. The TPM is a hardware component installed in many newer computers by the computer manufacturers. It works with BitLocker to help protect user data and to ensure that a computer hasn't been tampered with while the system was offline.
Windows Computer Encryption
BitLocker is the Windows encryption technology that protects your data from unauthorised access by encrypting your drive and requiring one or more factors of authentication before it will unlock it.
Windows will require a BitLocker recovery key when it detects a possible unauthorised attempt to access the data. This extra step is a security precaution intended to keep your data safe and secure. This can also happen if you make changes in hardware, firmware, or software which BitLocker cannot distinguish from a possible attack.
In these cases, BitLocker may require the extra security of the recovery key even if the user is an authorised owner of the device. This is to be certain that the person trying to unlock the data really is authorised.
Where can I find my BitLocker recovery key?
Your BitLocker recovery key is a unique 48-digit numerical password that can be used to unlock your system if BitLocker is otherwise unable to confirm for certain that the attempt to access the system drive is authorized.
If you get locked out of Bitlocker on your computer, you can find the Bitlocker Recovery key by logging into Office365 with your DCU account. For more information, please click here.
How to Encrypt Attachments
Unencrypted email is not a secure way to transfer sensitive information regardless of the email solution or where that email solution may be hosted (either 'in the cloud' or 'on premises'). DCU's email solution, provided by Google, is not encrypted. Therefore, in common with most commercial email solutions, all data in an unencrypted email can be intercepted as it is sent over the internet.
ISS does not support encryption solutions that encrypt the data held in the header or body of emails as we do not feel that such solutions strike the appropriate security/usability balance for DCU. ISS will continue to monitor all developments within this area and welcomes suggestions and feedback from the DCU community in this regard.
ISS does support the encryption of attachments and we have outlined instructions on how to do this below. If you choose to encrypt attachments, please pay particular attention to not include sensitive information in the body of your email.
Never share the encryption password by email even to a different email address. We suggest that you share the password by telephone, in person or by SMS. Please note that ISS will not have access or the ability to retrieve or reset the password you create. You should give consideration to backing up the data you propose to encrypt.
If encrypting attachments by any of the means proposed below is not an option for you, please speak to us and we will be happy to help.
We offer the following options for encrypting email attachments:
Filesender:
Filesender is a web-based application that works through your web browser provided by HeaNet
Filesender is a way to share large files or documents with anyone.
Filesender can send files up to 500 GB. This considerable sending power allows users to transfer large files with ease.
Files can be encrypted by clicking the encrypt option before sending the email.
Files sent by Filesender are available for download for up to 30 days after sending.
Files can be downloaded an unlimited amount of times over this period.
Encrypt a document with Office 365
Open the Office file you wish to encrypt.
Click on “File” in the upper left-hand corner.
Click on “Info”.
Click on “Protect Document” then “Encrypt with Password”.
You will be prompted to enter a password to encrypt your document:
We highly recommend following the DCU policy: “Guidelines for Creating a Secure Password” for information pertaining to creating passwords.
You will be prompted to re-enter your password:
Once your password is entered, you must save your document for the encryption to take effect. Please note that if you forget your password, we cannot recover it, nor retrieve the information inside of your document. If you want to check and make sure that it works, close the document and re-open it.
7-Zip' Compression Software
7-Zip is an archive format, providing high compression ratio. 7-Zip supports encryption with AES-256 algorithm
The software is available for free download from DCU Software Center
Please note, 7Zip may be required to decrypt the files when they're downloaded
How to Encrypt a Zip File using 7-Zip
PLEASE REMEMBER:
Never email the encryption password.
If you forget your password, ISS can neither reset your password nor recover your files.