Page Comparison

Purpose

Encryption encodes information in such a way that unauthorized parties should be unable to read it. This helps to prevent compromises to the confidentiality and integrity of your data and is a part of robust, multi-layered security approach. Whether it is a compromised desktop, or a lost mobile or storage devices, encryption ensures that your data remains accessible to only you and your team.

👥Audience

On this page

Initial considerations

Determine your data's classification.

• Classifying your data is the first step to knowing what safeguards are required to securely store your data.

  • Classify data

  • Level 3 and level 4 data must be stored on a secure server or must be encrypted at rest on a laptop, mobile device, or removeable storage.

Consult with your local IT group.

• Your department or division may support or recommend specific encryption solutions.

  • https://uoft-infosec-cf.atlassian.nethandbook.security.utoronto.ca/wiki/spaces/ISH/pages/4948958/AdditionalContact+help#%F0%9F%96%A5%EF%B8%8F-Informationus#Information-Technology-(IT)

\uD83D\uDCD8 What What can I do?

Enable or install full-disk encryption packages.

Windows (institutionally managed)

• Bitlocker.

  • Pre-installed but might need to be enabled.

  • Contact your Local IT group for support.

    • https://uoft-infosec-cf.atlassian.nethandbook.security.utoronto.ca/wiki/spaces/ISH/pages/4948958/AdditionalContact+help#%F0%9F%96%A5%EF%B8%8Fus#Information-Information-Technology-(IT)

Windows (self-managed)

• Bitlocker.

  • Pre-installed but might need to be enabled.

  • https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838#ID0EBD=Windows_11

MacOS (self-managed)

• Filevault.

  • Pre-installed but might need to be enabled.

  • https://support.apple.com/en-ca/guide/mac-help/mh11785/mac

Linux (self-managed)

• Various options; distribution dependent.

  • Contact your Local IT group for assistance managing encryption on Linux systems.

    • https://uoft-infosec-cf.atlassian.nethandbook.security.utoronto.ca/wiki/spaces/ISH/pages/4948958/AdditionalContact+help#%F0%9F%96%A5%EF%B8%8Fus#Information-Information-Technology-(IT)

  • Common solutions include:

    • https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home

    • https://gnupg.org/

Android (self-managed)

• File-based encryption by default when lock screen enabled.

  • https://support.google.com/android/answer/9079129?hl=en

iOS (self-managed)

• File-based encryption by default when lock screen enabled.

  • https://support.apple.com/en-us/HT204060

Cross-platform

• Various options.

  • Contact your Local IT group for assistance managing encryption through other third-party options.

    • https://uoft-infosec-cf.atlassian.nethandbook.security.utoronto.ca/wiki/spaces/ISH/pages/4948958/AdditionalContact+help#%F0%9F%96%A5%EF%B8%8F-Informationus#Information-Technology-(IT)

  • Common solutions include:

    • https://www.veracrypt.fr/en/Home.html

Encrypt at the file or folder level.

Windows

• 7-Zip.

  • https://www.7-zip.org/

MacOS

• Encrypted DMG (MacOS only) or ZIP files.

  • ZIP.

    • https://ss64.com/osx/zip.html

  • DMG.

    • https://support.apple.com/en-ca/guide/disk-utility/dskutl11888/mac

      • Scroll to “Create a secure disk image”.

Linux

• Contact your Local IT group for assistance.

  • https://uoft-infosec-cf.atlassian.nethandbook.security.utoronto.ca/wiki/spaces/ISH/pages/4948958/AdditionalContact+help#%F0%9F%96%A5%EF%B8%8Fus#Information-Information-Technology-(IT)

• Common solutions include:

  • https://gnupg.org/

  • https://www.7-zip.org/

  • https://www.linux.org/docs/man1/zip.html

Cross-platform

• Contact your Local IT group for assistance.

  • https://uoft-infosec-cf.atlassian.nethandbook.security.utoronto.ca/wiki/spaces/ISH/pages/4948958/AdditionalContact+help#%F0%9F%96%A5%EF%B8%8F-Informationus#Information-Technology-(IT)

• Common solutions include:

  • https://www.veracrypt.fr/en/Home.html

  • https://www.aescrypt.com/

Use a self-encrypting device (SED)

.

Servers

• Where possible, order SED storage drives and motherboards supporting Trusted Platform Module (TPM).

Storage

• External drives

  • https://www.kingston.com/en/ssd/ironkey-vp80es-encrypted-external-ssd

  • https://www.samsung.com/ca/memory-storage/portable-ssd/portable-ssd-t7-usb-3-2-2tb-red-mu-pc2t0r-am/?cid=ca_pd_ppc_google_t7-portable-ssd_sustain_portable-ssd-retent_text_t7-portable-ssd_20180110-samsung%20t7_w&gad_source=1

• USB keys

  • https://www.kingston.com/en/usb-flash-drives/ironkey-lp50-encrypted

---

Page Properties
hidden true
Name Role Date Michael Laurentius Author Carl Chan Approver (Manager) Reviewer