Full information on Encryption requirements at CUMC can be found within the IT Policies, Procedures and Guidelines area of our website. The information and instructions here are for general use, anyone connecting to Medical Center resources must be aware of all requirements and be sure that they are in compliance.
What is Encryption?
Encryption is the conversion of data into a format that is not readable or understandable without proper credentials. It provides extra security in cases where electronic information has been accidentally or purposely and maliciously disclosed. Most encryption software uses a strong password for credentials to authorize that data can be decrypted, or made readable again.
In general encryption can be set up in the following ways:
Individual file and folder encryption - this encrypts only the data or locations that you specify, whether on a computer or removable media such as a USB key, CD, external hard drive, SD card, etc. Some of these programs can also be used to send encrypted email attachments.
Full disk encryption - installed on a computer, external hard drive, or USB key, full disk automatically encrypts all data stored on the drive or "disk".
Pre-boot authentication - this adds a layer of security to a computer as it starts up, before the operating system loads. Please see information below regarding pre-boot authentication requirements at CUMC.
Once an encryption program is set up, it typically operates transparently. Files are automatically encrypted and decrypted when the proper credentials provided. You may see a splash screen with the name of the encryption software and its activity when saving files, moving them or shutting down your computer.
IMPORTANT! Before Using Any Encryption Program
The purpose of any encryption software is to make data unreadable if proper authentication is not provided. Issues including permanent loss of data can occur if you do not adequately prepare your computer and data before installing or beginning to use encryption.
Verify that the software is compatible with your computer and existing software.
Review the program's installation and help documents to understand how you will be using it.
It is also important that you do not forget or lose any password you set in an encryption program. Doing so may mean that you can no longer access the files; many programs do not provide a backup method to decrypt data without the password.
PBA encryption is available when using FileVault2, the native encryption program that comes with Macintosh Lion (10.7) and higher systems.
Apple's tutorial on using FileVault2 is at: http://support.apple.com/kb/HT4790
Please do not follow instructions on the tutorial to store a recovery key with Apple, but do keep a copy of it in a safe place.