Disk Encryption: How to protect your computer and University data
The recommended method for protecting the information on your computer is to use the encryption software that comes bundled with your computer's operating system. Encryption converts data to a format that is unreadable by anyone except authorized users. This University-wide disk encryption service is available for all eligible faculty and staff computers. Studies show that many people whose computers are lost or stolen have personal and family data at risk, as well as confidential University data.
What type of computer should use disk encryption?
- All computers purchased via the FCP program are required to be encrypted
- All University desktop and laptop computers purchased using University funds are recommended to be encrypted.
- Certain departments have their own internal requirements for encryption. Check with your departmental SCAD/DCS staff member or contact the OIT Support and Operations Center.
- Encrypted computers should be backed up frequently, preferably using the Princeton CrashPlan Service.
How can I tell if my computer's disk is already encrypted?
- To check your computer's encryption status, see Article 1109.
How do I enable disk encryption on my computer?
Centrally managed encryption can be requested from your departmental SCAD/DCS member, or OIT assistance may be requested by contacting the OIT Support and Operations Center (SOC). The stored encryption recovery key can be retrieved by your SCAD/DCS member or the OIT SOC.
- Users with Administrator privileges
Encryption can be manually enabled by following instructions for Windows or instructions for macOS. The recovery key will not be available to your SCAD/DCS member or the OIT SOC. You will be responsible for storing the recovery key.
- Linux Users
The computer should be set up for encryption during the installation of Linux.
Traveling abroad with encrypted laptops
Before traveling out of the country with encryption software, University members should follow the Encryption & International Travel guidelines published by the OIT Information Security Office.
What types of computers currently do not support disk encryption?
- Dual-boot/multi-boot computers
- macOS computers using a Boot Camp Windows partition
- Windows computers that have a RAID disk array
- Virtual Machines
External storage devices and encryption
Enabling BitLocker for Windows or FileVault for macOS will not encrypt external storage devices such as USB drives, thumb drives, etc. These devices can be protected using encryption features built into Windows and macOS:
Information for technical support representatives
- For centrally managed native encryption, use the documentation on the OIT Image Deployment (ImageDocs) SharePoint site (SCAD/DCS login only). Laptop power adapters are required for the software installation process.
- For devices using native Windows BitLocker disk encryption, BitLocker must be suspended before performing a BIOS update; otherwise the machine will not boot properly after the BIOS upgrade is completed. Refer to Article KB0010639.