Encryption

What is encryption?

Encryption refers to the process of converting your information into a form that cannot be understood by anyone who is not permitted to view that information. Without encryption it is very easy for a criminal, such as a computer hacker or an identity thief, to intercept and view your work.

Encryption should be used to protect against the loss and theft of valuable information when it is:

  • Stored on portable computing devices such as laptops, tablets and smartphones.
  • Stored on portable storage devices such as USB flash drives and external hard disk drives.
  • Sent as an email attachment.
  • Sent across the Internet.

The types of information you must encrypt include:

  • Personal information that is protected under the Data Protection Act 2018 (e.g. staff, student and medical data).
  • Information that is protected by a contractual agreement (e.g. financial or commercially sensitive data provided by a private sector company).

 

Other important points to remember about encryption

  • It is not possible to recover your information should anything go wrong during the encryption process or if you forget your encryption passphrase or lose your encryption key. Always keep a non-encrypted master copy of your valuable information on the University Filestore.
  • Do not store protected information on a portable computing device or portable storage device, or send that information by email or via the Internet, unless absolutely necessary.
  • If you have no other option but to store protected information on a portable computing device or portable storage device, then keep that information to a minimum.
  • Protected information should only be stored on a portable computing device as a temporary measure (e.g. if it is not possible to access that information remotely).
  • You should only store protected information on a portable storage device for data transfer purposes, and when no other secure data transfer method is available.
  • Remove all protected information from the portable computing device or portable storage device if it no longer needs to be kept on the device.
  • Just like your bank card and PIN, never store your encryption passphrase or key with your encrypted information.
  • Use a long encryption passphrase that is at least twelve characters and contains a mix of alphabetic, numeric and punctuation characters. An example of such a passphrase is: “I’ve worked in HE for 3 years!”
  • Always keep a record of the devices that you have encrypted. If a device is lost or stolen, this will allow you to confirm whether it was encrypted.
  • Only use methods of encryption that are proven to be reliable.