Encrypt data and devices
Purpose
Encryption encodes information in such a way that unauthorized parties should be unable to read it. This helps to prevent compromises to the confidentiality and integrity of your data and is a part of robust, multi-layered security approach. Whether it is a compromised desktop, or a lost mobile or storage devices, encryption ensures that your data remains accessible to only you and your team.
Audience
faculty researchers Admin staff IT staff students
On this page
Initial considerations
Not all encryption algorithms are the same. AES-128 bit (or equivalent) is the absolute minimum you should consider. AES-256 bit or greater is preferred.
Determine your data's classification.
Classifying your data is the first step to knowing what safeguards are required to securely store your data.
Level 3 and level 4 data must be stored on a secure server or must be encrypted at rest on a laptop, mobile device, or removeable storage.
Consult with your local IT group.
Your department or division may support or recommend specific encryption solutions.
What can I do?
Enable or install full-disk encryption packages.
Windows (institutionally managed)
Bitlocker
Pre-installed but might need to be enabled.
Contact your Local IT group for support.
Windows (self-managed)
Bitlocker
Pre-installed but might need to be enabled.
MacOS (self-managed)
Filevault
Pre-installed but might need to be enabled.
Linux (self-managed)
Various options; distribution dependent.
Contact your Local IT group for assistance managing encryption on Linux systems.
Common solutions include:
Android (self-managed)
File-based encryption by default when lock screen enabled.
iOS (self-managed)
File-based encryption by default when lock screen enabled.
Cross-platform
Various options.
Contact your Local IT group for assistance managing encryption through other third-party options.
Common solutions include:
Encrypt at the file or folder level.
ZIP files can be transferred across platforms.
Windows
7-Zip
MacOS
Encrypted DMG (MacOS only) or ZIP files.
ZIP
DMG
Create a disk image using Disk Utility on Mac
Scroll to “Create a secure disk image”.
Linux
Contact your Local IT group for assistance.
Common solutions include:
Cross-platform
Contact your Local IT group for assistance.
Common solutions include:
Use a self-encrypting device (SED).
Servers
Where possible, order SED storage drives and motherboards supporting Trusted Platform Module (TPM).
Storage
External drives
USB keys
Search
Additional help
General
Contact us | Information Technology (IT)
Researchers
https://security.utoronto.ca/services/research-information-security-program/
Related articles