Encryption is the process of converting data into a cypher or code in order to prevent unauthorised access. As part of the DCU Data Handling Guidelines all DCU owned laptops and mobile devices must be encrypted.
DCU use McAfee Endpoint Encryption which offers multiple layers of protection that address specific areas of risk. Encryption can be extended not just to PCs, laptops, but also to network files and folders.
We consider portable devices such as laptops to be at a much higher risk of being lost or stolen compared to desktops and therefore require, in our mobile computing policy, that portable devices be encrypted.
How McAfee Encryption Work’s on a Laptop
McAfee fully encrypts the entire hard drive and all data including the operating system. As part of the installation, a ‘recovery key’ is created. This ‘recovery key’ is used to decrypt the laptop in the case of maintenance on the laptop or expiry of account. The 'recovery key' is stored on a secure DCU server and can only be accessed by IS Services staff.
This comprehensive encryption of the hard disk provides the best possible security should the laptop be lost or stolen, provided the user has not physically written down their username and password and left them somewhere that would allow them to be lost or stolen with the laptop. In the eventuality of theft, an audit record exists confirming that all data and software on the laptop has been encrypted. What this means is that the contents of the entire hard drive will be made unreadable to unauthorised users
After McAfee is installed an important change is that the user will be prompted to log in with McAfee before the operating system is started, typically immediately after the manufacturer's logo is displayed when you power on the laptop, but before the computer boots into Windows. It is still necessary to login into Windows as well, as a different password will need to be created for the encryption login.
We consider portable devices such as laptops to be at a much higher risk of being lost or stolen compared to desktops and therefore require, in our mobile computing policy, that portable devices be encrypted. We do not consider desktops to be at a high risk of theft or loss and therefore we do not encrypt by default.
McAfee Endpoint Encryption for Desktop:
McAfee encryption include:
- Enforce strong access control with pre-boot authentication
- Enable transparent encryption without hindering users or system performance
- Ensure consistent protection across all devices
- Supports mixed device environments including solid-state drives
- New architecture ready to support emerging self-encrypting hard drive standard
How to Encrypt Attachments
Unencrypted email is not a secure way to transfer sensitive information regardless of the email solution or where that email solution may be hosted (either 'in the cloud' or 'on premises'). DCU's email solution, provided by Google, is not encrypted. Therefore, in common with most commercial email solutions, all data in an unencrypted email can be intercepted as it is sent over the internet.
ISS does not support encryption solutions that encrypt the data held in the header or body of emails as we do not feel that such solutions strike the appropriate security/usability balance for DCU. ISS will continue to monitor all developments within this area and welcomes suggestions and feedback from the DCU community in this regard.
ISS does support the encryption of attachments and we have outlined instructions on how to do this below. If you choose to encrypt attachments, please pay particular attention to not include sensitive information in the body of your email.
Never share the encryption password by email even to a different email address. We suggest that you share the password by telephone, in person or by SMS. Please note that ISS will not have access or the ability to retrieve or reset the password you create. You should give consideration to backing up the data you propose to encrypt.
If encrypting attachments by any of the means proposed below is not an option for you, please speak to us and we will be happy to help.
We offer the following options for encrypting email attachments:
Filesender is a way to share large files or documents with anyone.
Filesender can send files up to 500 GB. This considerable sending power allows users to transfer large files with ease.
Files can be encrypted by clicking the encrypt option before sending the email.
Files sent by Filesender are available for download for up to 30 days after sending.
Files can be downloaded an unlimited amount of times over this period.
Encrypt a document with Office 365
Open the Office file you wish to encrypt.
Click on “File” in the upper left-hand corner.
Click on “Info”.
Click on “Protect Document” then “Encrypt with Password”.
You will be prompted to enter a password to encrypt your document:
We highly recommend following the DCU policy: “Guidelines for Creating a Secure Password” for information pertaining to creating passwords.
You will be prompted to re-enter your password:
Once your password is entered, you must save your document for the encryption to take effect. Please note that if you forget your password, we cannot recover it, nor retrieve the information inside of your document. If you want to check and make sure that it works, close the document and re-open it.
7-Zip' Compression Software
7-Zip is an archive format, providing high compression ratio. 7-Zip supports encryption with AES-256 algorithm
The software is available for free download from DCU Software Center
Please note, 7Zip may be required to decrypt the files when they're downloaded
Never email the encryption password.
If you forget your password, ISS can neither reset your password nor recover your files.