Encrypt data and devices

Purpose

Encryption encodes information in such a way that unauthorized parties should be unable to read it. This helps to prevent compromises to the confidentiality and integrity of your data and is a part of robust, multi-layered security approach. Whether it is a compromised desktop, or a lost mobile or storage devices, encryption ensures that your data remains accessible to only you and your team.

Audience

faculty researchers Admin staff IT staff students

On this page

Initial considerations

Determine your data's classification.

• Classifying your data is the first step to knowing what safeguards are required to securely store your data.

  • Classify data

  • Level 3 and level 4 data must be stored on a secure server or must be encrypted at rest on a laptop, mobile device, or removeable storage.

Consult with your local IT group.

• Your department or division may support or recommend specific encryption solutions.

  • Contact us | Information Technology (IT)

What can I do?

Enable or install full-disk encryption packages.

Windows (institutionally managed)

• Bitlocker

  • Pre-installed but might need to be enabled.

  • Contact your Local IT group for support.

    • Contact us | Information Technology (IT)

Windows (self-managed)

• Bitlocker

  • Pre-installed but might need to be enabled.

  • Device Encryption in Windows - Microsoft Support

MacOS (self-managed)

• Filevault

  • Pre-installed but might need to be enabled.

  • Protect data on your Mac with FileVault

Linux (self-managed)

• Various options; distribution dependent.

  • Contact your Local IT group for assistance managing encryption on Linux systems.

    • Contact us | Information Technology (IT)

  • Common solutions include:

    • Home · Wiki · cryptsetup / cryptsetup · GitLab

    • https://gnupg.org/

Android (self-managed)

• File-based encryption by default when lock screen enabled.

  • Set screen lock on an Android device - Android Help

iOS (self-managed)

• File-based encryption by default when lock screen enabled.

  • Use a passcode with your iPhone, iPad, or iPod touch - Apple Support

Cross-platform

• Various options.

  • Contact your Local IT group for assistance managing encryption through other third-party options.

    • Contact us | Information Technology (IT)

  • Common solutions include:

    • https://www.veracrypt.fr/en/Home.html

Encrypt at the file or folder level.

Windows

• 7-Zip

  • https://www.7-zip.org/

MacOS

• Encrypted DMG (MacOS only) or ZIP files.

  • ZIP

    • zip Man Page - macOS - SS64.com

  • DMG

    • Create a disk image using Disk Utility on Mac

      • Scroll to “Create a secure disk image”.

Linux

• Contact your Local IT group for assistance.

  • Contact us | Information Technology (IT)

• Common solutions include:

  • https://gnupg.org/

  • https://www.7-zip.org/

  • https://www.linux.org/docs/man1/zip.html

Cross-platform

• Contact your Local IT group for assistance.

  • Contact us | Information Technology (IT)

• Common solutions include:

  • https://www.veracrypt.fr/en/Home.html

  • https://www.aescrypt.com/

Use a self-encrypting device (SED).

Servers

• Where possible, order SED storage drives and motherboards supporting Trusted Platform Module (TPM).

Storage

• External drives

  • https://www.kingston.com/en/ssd/ironkey-vp80es-encrypted-external-ssd

  • https://www.samsung.com/ca/memory-storage/portable-ssd/portable-ssd-t7-usb-3-2-2tb-red-mu-pc2t0r-am/?cid=ca_pd_ppc_google_t7-portable-ssd_sustain_portable-ssd-retent_text_t7-portable-ssd_20180110-samsung%20t7_w&gad_source=1

• USB keys

  • https://www.kingston.com/en/usb-flash-drives/ironkey-lp50-encrypted

Search

Additional help

General

https://handbook.security.utoronto.ca/wiki/spaces/ISH/pages/4948958/Contact+us#Information-Security-(IS)

Contact us | Information Technology (IT)

Researchers

https://security.utoronto.ca/services/research-information-security-program/

Related articles