Device Encryption Guide
Device encryption helps to protect information should the device go missing or be stolen. Any mobile device containing confidential University or personal information must be encrypted. UCD users must ensure that their device is encrypted, that their encryption recovery key is stored in a safe location, and that their device is secured with a strong, unique password or PIN.
If you believe that any University or personal information has been put at risk due to theft or accidental loss, you must report this incident to the University Data Protection Officer (DPO) immediately at firstname.lastname@example.org, regardless of whether the device is encrypted or not.
The following guidelines will help you encrypt the most common University devices.
* Please note Windows 10 Home edition does not support BitLocker encryption.
Windows BitLocker Drive Encryption is the native encryption for Windows 10 Professional laptops and desktops. Enabling BitLocker on your machine makes your data unreadable by unauthorised users.
Prerequisites to enabling BitLocker
Device Operating System must be Windows 10 Professional.
Your Windows password must be at least 10 characters long and include upper and lowercase letters and some numbers. Your device and information are not protected if the machine has a weak, easily guessable password.
Quick Encryption guide (Laptops with TPM Module)
- Sign in to Windows with an administrator account.
- Click on Windows Search (Magnifying Glass), enter encryption, and select Manage BitLocker from the results.
- Select Turn on BitLocker, and then follow the Windows instructions.
- It is very important that you save at least two copies of the Encryption Recovery Key. We recommend that you print out a copy and store it in a secure location away from your laptop, and email a second copy to yourself or save a copy to your Google Drive. Please be aware that if you forget either the device password or encryption recovery key, there is a real risk that you will be unable to access the device and its data. Remember to regularly back up all your files to a safe location, as laptops do fail.
- Click on Search, enter encryption, and select Manage BitLocker from the list of results.
- Turn on BitLocker and follow the instructions.
- Should you encounter the following Trusted Platform Module message, please stop, as your laptop is not compatible; otherwise continue to step 4.
This device cannot use a Trusted Platform Module. Your administrator must set the “Allow BitLocker without a compatible TPM” option in the “Require additional authentication at start-up” policy for OS volumes
- You will be presented with the options on how to unlock your drive at start-up. Select Enter Password.
- Use a complex password with at least 8 mixed case alphanumerical characters. Enter the password twice and select Next.
- You are presented with four options on how to back up your recovery key.
*We recommend that you save your recovery key to two locations: for example, save it to a file on a USB device, email it to your UCD Email account immediately, or save it to Google Drive. You must keep the recovery key safe and accessible but not with your laptop. This recovery key is the only way you can access your laptop if your device encounters an issue; otherwise, it will need to be rebuilt and you will lose any information stored on your device.
- Next, select the option “Encrypt used disk space only (faster and best for new PCs and drives)” and select Next.
- Select the option “New encryption mode (best for fixed drives on this device)” and select Next.
- Confirm that the “Run BitLocker system check” tick box is checked, then select Continue.
- Restart the machine when prompted in order for encryption to begin.
- When the BitLocker login screen appears, enter the password that was created in step 6. Press Enter to continue.
- Check the encryption status by going to Manage BitLocker as outlined in step 1.
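The same status check can be run from an elevated PowerShell prompt. The following is an added example, not part of the original guide: the function name Test-DeviceEncryption is hypothetical, and it relies on the built-in Get-BitLockerVolume and Get-Tpm cmdlets. It reports whether the operating system drive meets the points this guide asks for and never displays the recovery key itself.

```powershell
#Requires -RunAsAdministrator
# Added example: audits the OS drive against the checks described in this guide.
# Test-DeviceEncryption is a hypothetical name chosen for illustration.
function Test-DeviceEncryption {
    param([string]$MountPoint = $env:SystemDrive)

    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

    # Get-Tpm can fail on hardware without a TPM; treat that as "not present".
    $tpm = try { Get-Tpm -ErrorAction Stop } catch { $null }

    # Collect protector types only (e.g. Tpm, Password, RecoveryPassword).
    # The recovery password value is deliberately never read or printed.
    $protectors = @($vol.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })

    $checks = [ordered]@{
        'Edition is not Windows Home'        = $os.Caption -notmatch 'Home'
        'Encryption has reached 100%'        = $vol.EncryptionPercentage -eq 100
        'BitLocker protection is on'         = $vol.ProtectionStatus -eq 'On'
        'Start-up unlock method present'     = [bool]($protectors -match '^(Tpm|Password)')
        'Recovery password protector exists' = $protectors -contains 'RecoveryPassword'
    }

    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        Edition          = $os.Caption
        TpmPresent       = [bool]($tpm -and $tpm.TpmPresent)
        EncryptionMethod = [string]$vol.EncryptionMethod
        Protectors       = $protectors -join ', '
        FailedChecks     = @($checks.Keys | Where-Object { -not $checks[$_] })
        Compliant        = -not ($checks.Values -contains $false)
    }
}

# Show the result for the system drive.
Test-DeviceEncryption | Format-List
```

Run it once after the restart and again when encryption has finished: "Encryption has reached 100%" is listed under FailedChecks while the drive is still being encrypted.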
If you encounter any issues or require assistance, please email email@example.com or drop into one of the IT Support centres in Daedalus or Health Science.
FileVault full disk encryption (FileVault 2) is the native encryption program included free with specific versions of Apple OS and, once turned on, runs on the computer. You can find more details at Apple.
*Please be aware that if you forget either the device password or encryption recovery key, there is a real risk that you will be unable to access the device and its data.
Smartphones and tablets are essentially mobile computers that allow you to access the internet and email, download applications and games, and store photos, videos and your personal information. If your device is lost or stolen, someone could access the information stored on it. This could be your own personal information, or it could be confidential UCD data which you have an obligation to protect. It is therefore important that you protect and secure your phone just as you would your home computer or laptop.
What should you do?
In order to protect your phone or tablet and the data stored on it you should have a look at the security features that are available in your phone. All phones have security settings though the exact options available will differ depending on manufacturer, model and software version. Use whichever features your device offers that provide the best security for your needs:
Password, passcode, or PIN: Setting a password, passcode, or PIN to access your device is generally simple and effective. Use a code that is four digits or longer, and keep it secret, like you do for your email password or passphrase.
Unlock pattern: Some mobile devices let you set unlock patterns that function like PINs. Use a pattern with some complexity (e.g., with at least five points), keep it secret, and protect it from observers. Additionally, be aware that smudges on the face of your device may reveal your pattern to unauthorized users.
Device lockout: Most mobile devices provide a lockout option that can be configured to lock the device automatically if it has not been used for a set period of time (for example, 5 minutes).
Auto-wipe: Auto-wipe is similar to the lockout option, but more secure. After several consecutive unsuccessful password, pattern, or PIN attempts, the device will automatically erase (i.e., wipe) all stored data and reset itself to the factory defaults.
Note: When you use the auto-wipe option, make sure to back up your data regularly. Consult your device's documentation for instructions on backing up data.
Encryption: Certain handheld devices are capable of employing data encryption. Consult your device's documentation or online support resources for information about available encryption options.
You can contact our IT Helpdesk at 2700 or by emailing firstname.lastname@example.org. Alternatively, you can drop into one of our IT Centres.