During the Information Lifecycle, data must be encrypted when stored on your devices or sent to someone else. With laptops and mobile devices now commonplace, most of us are used to taking our electronic lives with us wherever we go. Therefore, if your role at the university requires you to process or in other capacities handle Category 1-Restricted Data, this presents a serious risk if your equipment is ever lost or stolen.
As with any encryption technology, if you lose your password, the files are usually unrecoverable unless you've made backups. Also, file, folder and whole-disk encryption generally don’t protect your files if your computer is compromised. Encryption technology is best suited for protecting information if your laptop (or portable storage drive) is lost or stolen. Finally, if or when your devices “wake up” (i.e. opening your laptop, or pressing your phone’s home button), the device must ask for a password before granting access. If it doesn’t do this, the encryption provides no value as the information on the device can be accessed by whomever found or stole the device.
Secure File is a service providing whole disk encryption on Windows desktops and laptops, and CIFS file share encryption on designated file servers. This service addresses the requirements for securely storing Category 1-Restricted Data and/or Personally Identifiable Information.
Unsupported and should not be used for Category 1-Restricted Data.
Unsupported as of 1/14/2020 and should not be used for Category 1-Restricted Data unless alternate arrangements are made.
UBIT recommends using BitLocker, which will encrypt your entire drive. Once enabled, you don't have to remember to encrypt information as you save it to your laptop.
See also Windows 10 Lifecyle
Mac’s Disk Utility application includes an encrypted file system feature. This requires some effort to initially configure the encrypted file system. Once configured, it lets you selectively encrypt files and folders.
Mac OS also includes a feature called FileVault that will encrypt your entire home folder. This feature is similar to BitLocker in that it encrypts, essentially, all of your working files. FileVault is very easy to configure.
Use a native full disk encryption tool, with IT department driven key management.