What is encryption?
Encryption refers to the process of converting your information into a form that cannot be understood by anyone who is not permitted to view that information. Without encryption it is very easy for a criminal, such as a computer hacker or an identity thief, to intercept and view your work.
Encryption should be used to protect against the loss and theft of valuable information when it is:
- Stored on portable computing devices such as laptops, tablets and smart phones.
- Stored on portable storage devices such as USB flash drives and external hard disk drives.
- Sent as an email attachment.
- Sent across the Internet.
The types of information you must encrypt includes:
- Personal information that is protected under the Data Protection Act 2018 (e.g. staff, student and medical data).
- Information that is protected by a contractual agreement (e.g. financial or commercially sensitive data provided by a private sector company).
Other important points to remember about encryption
- It is not possible to recover your information should anything go wrong during the encryption process or if you forget your encryption passphrase or lose your encryption key. Always keep a non-encrypted master copy of your valuable information on the University Filestore.
- Do not store protected information on a portable computing device or portable storage device, or send that information by email or via the Internet, unless absolutely necessary.
- If you have no other option but to store protected information on a portable computing device or portable storage device, then keep that information to a minimum.
- Protected information should only be stored on a portable computing device as a temporary measure (e.g. if it is not possible to access that information remotely).
- You should only store protected information on a portable storage device for data transfer purposes, and when no other secure data transfer method is available.
- Remove all protected information from the portable computing device or portable storage device if it no longer needs to be kept on the device.
- Just like your bank card and PIN, never store your encryption passphrase or key with your encrypted information.
- Use a long encryption passphrase that is at least twelve characters long and contains a mix of alphabetic, numeric and punctuation characters. An example of such a passphrase is: “I’ve worked in HE for 3 years!”
- Always keep a record of the devices that you have encrypted. This will allow you to confirm if a device was encrypted if it is lost or stolen.
- Only use methods of encryption that are proven to be reliable.