DCU Digital Device Encryption and Data Handling Guidelines
Encryption is the process of converting data into a cypher or code in order to prevent unauthorised access. As part of the DCU Data Handling Guidelines all DCU owned laptops and mobile devices must be encrypted.
DCU use McAfee Endpoint Encryption which offers multiple layers of protection that address specific areas of risk. Encryption can be extended not just to PCs, laptops, but also to network files and folders, mobile devices, removable.
We consider portable devices such as laptops to be at a much higher risk of being lost or stolen compared to desktops and therefore require, in our mobile computing policy, that portable devices be encrypted.
How McAfee Encryption Work’s on a Laptop
McAfee fully encrypts the entire hard drive and all data including the operating system. As part of the installation, a ‘recovery key’ is created. This ‘recovery key’ is used to decrypt the laptop in the case of maintenance on the laptop or expiry of account. The 'recovery key' is stored on a secure DCU server and can only be accessed by IS Services staff.
This comprehensive encryption of the hard disk provides the best possible security should the laptop be lost or stolen, provided the user has not physically written down their username and password and left them somewhere that would allow them to be lost or stolen with the laptop. In the eventuality of theft, an audit record exists confirming that all data and software on the laptop has been encrypted. What this means is that the contents of the entire hard drive will be made unreadable to unauthorised users
After McAfee is installed an important change is that the user will be prompted to log in with McAfee before the operating system is started, typically immediately after the manufacturer's logo is displayed when you power on the laptop, but before the computer boots into Windows. It is still necessary to login into Windows as well, as a different password will need to be created for the encryption login.
We consider portable devices such as laptops to be at a much higher risk of being lost or stolen compared to desktops and therefore require, in our mobile computing policy, that portable devices be encrypted. We do not consider desktops to be at a high risk of theft or loss and therefore we do not encrypt by default.
McAfee Endpoint Encryption for PC:McAfee encryption include:
- Enforce strong access control with pre-boot authentication
- Enable transparent encryption without hindering users or system performance
- Ensure consistent protection across all devices
- Supports mixed device environments including solid-state drives
- New architecture ready to support emerging self-encrypting hard drive standards
The vast majority of smart phones can connect to the DCU apps via the mobile apps (e.g. Email, Calendar, Docs) but some may not meet the criteria. If your phone model is unable to meet the required standard, you can still connect to DCU Apps through your mobile's browser.
ISS are not responsible for issues that might occur when configuring or encrypting personal devices and will only use the wipe functionality once we are requested to by the staff member
How To Encrypt Attachments
Unencrypted email is not a secure way to transfer sensitive information regardless of the email solution or where that email solution may be hosted (either 'in the cloud' or 'on premises'). DCU's email solution, provided by Google, is not encrypted. Therefore, in common with most commercial email solutions, all data in an unencrypted email can be intercepted as it is sent over the internet.
ISS does not support encryption solutions that encrypt the data held in the header or body of emails as we do not feel that such solutions strike the appropriate security/usability balance for DCU. ISS will continue to monitor all developments within this area and welcomes suggestions and feedback from the DCU community in this regard.
ISS does support the encryption of attachments and we have outlined instructions on how to do this below. If you choose to encrypt attachments please pay particular attention to not include sensitive information in the body of your email.
Never share the encryption password by email even to a different email address. We suggest that you share the password by telephone, in person or by SMS. Please note that ISS will not have access or the ability to retrieve or reset the password you create. You should give consideration to backing up the data you propose to encrypt.
If encrypting attachments by any of the means proposed below is not an option for you, please speak to us and we will be happy to help.
We offer the following options for encrypting email attachments:
- Filesender is a web-based application that works through your web browser provided by HeaNet
- Filesender is a way to share large files or documents with anyone.
- Filesender can send files up to 500 GB. This considerable sending power allows users to transfer large files with ease.
- Files can be encrypted by clicking the encrypt option before sending the email.
- Files sent by Filesender are available for download for up to 30 days after sending.
- Files can be downloaded an unlimited amount of times over this period.
- Encrypt a document with Office 365
- Open the Office file you wish to encrypt.
- Click on “File” in the upper left-hand corner.
- Click on “Info”.
- Click on “Protect Document” then “Encrypt with Password”.
- You will be prompted to enter a password to encrypt your document:
- We highly recommend following the DCU policy: “Guidelines for Creating a Secure Password” for information pertaining to creating passwords.
- You will be prompted to re-enter your password:
- Once your password is entered, you must save your document for the encryption to take Effect. Please note that if you forget your password, we cannot recover it, nor retrieve the information inside of your document. If you want to check and make sure that it works, close the document and re-open it.
- '7-Zip' Compression Software
Never email the encryption password.
If you forget your password, ISS can neither reset your password nor recover your files.
McAfee Encryption Service FAQ
If you have any queries regarding the Mcafee Encryption Service you can submit a ticket to the ISS Service Desk. All the General Requirements, Application Processes, Support and FAQ can be found here:
DCU Data Handling Guidelines
These guidelines are to provide guidance to data custodians as to how they may protect data classified under the headings defined in the Data Classification policy. These guidelines are considered best practice for the protection of that data which can be found on the following website also:
DCU Data Classification Guidelines
A combination of data confidentiality, integrity and availability. Whether a set of data is LOW, MEDIUM, HIGH, or of VERY HIGH impact will inform the data classification and whether or not the data set should be considered sensitive data. To decide on the level of impact please refer to Dcu's Data Classification policy:
The University provides ICT systems and services to support students and staff in fulfilling the requirements of their course, research or role. All users of ICT systems or services provided by the University should be familiar with and abide by the following policies: