Encrypt data and devices

Purpose

Encryption encodes information in such a way that unauthorized parties should be unable to read it. This helps to prevent compromises to the confidentiality and integrity of your data and is a part of robust, multi-layered security approach. Whether it is a compromised desktop, or a lost mobile or storage devices, encryption ensures that your data remains accessible to only you and your team.

Audience

faculty researchers Admin staff IT staff students

On this page

Initial considerations

Determine your data's classification.

• Classifying your data is the first step to knowing what safeguards are required to securely store your data.

  • Classify data

  • Level 3 and level 4 data must be stored on a secure server or must be encrypted at rest on a laptop, mobile device, or removeable storage.

Consult with your local IT group.

• Your department or division may support or recommend specific encryption solutions.

  • Contact us | Information Technology (IT)

What can I do?

Enable or install full-disk encryption packages.

Windows (institutionally managed)

• Bitlocker

  • Pre-installed but might need to be enabled.

  • Contact your Local IT group for support.

    • Contact us | Information Technology (IT)

Windows (self-managed)

• Bitlocker

  • Pre-installed but might need to be enabled.

  • Device Encryption in Windows - Microsoft Support

MacOS (self-managed)

• Filevault

  • Pre-installed but might need to be enabled.

  • Protect data on your Mac with FileVault

Linux (self-managed)

• Various options; distribution dependent.

  • Contact your Local IT group for assistance managing encryption on Linux systems.

    • Contact us | Information Technology (IT)

  • Common solutions include:

    • Home · Wiki · cryptsetup / cryptsetup · GitLab

    • The GNU Privacy Guard

Android (self-managed)

• File-based encryption by default when lock screen enabled.

  • https://support.google.com/android/answer/9079129?hl=en

iOS (self-managed)

• File-based encryption by default when lock screen enabled.

  • Use a passcode with your iPhone, iPad, or iPod touch - Apple Support

Cross-platform

• Various options.

  • Contact your Local IT group for assistance managing encryption through other third-party options.

    • Contact us | Information Technology (IT)

  • Common solutions include:

    • VeraCrypt - Free Open source disk encryption with strong security for the Paranoid

Encrypt at the file or folder level.

Windows

• 7-Zip

  • 7-Zip

MacOS

• Encrypted DMG (MacOS only) or ZIP files.

  • ZIP

    • zip Man Page - macOS - SS64.com

  • DMG

    • Create a disk image using Disk Utility on Mac

      • Scroll to “Create a secure disk image”.

Linux

• Contact your Local IT group for assistance.

  • Contact us | Information Technology (IT)

• Common solutions include:

  • The GNU Privacy Guard

  • 7-Zip

  • https://www.linux.org/docs/man1/zip.html

Cross-platform

• Contact your Local IT group for assistance.

  • Contact us | Information Technology (IT)

• Common solutions include:

  • VeraCrypt - Free Open source disk encryption with strong security for the Paranoid

  • https://www.aescrypt.com/

Use a self-encrypting device (SED).

Servers

• Where possible, order SED storage drives and motherboards supporting Trusted Platform Module (TPM).

Storage

• External drives

  • https://www.kingston.com/en/ssd/ironkey-vp80es-encrypted-external-ssd

  • https://www.samsung.com/ca/memory-storage/portable-ssd/portable-ssd-t7-usb-3-2-2tb-red-mu-pc2t0r-am/?cid=ca_pd_ppc_google_t7-portable-ssd_sustain_portable-ssd-retent_text_t7-portable-ssd_20180110-samsung%20t7_w&gad_source=1

• USB keys

  • https://www.kingston.com/en/usb-flash-drives/ironkey-lp50-encrypted

Search

Additional help

General

https://handbook.security.utoronto.ca/wiki/spaces/ISH/pages/4948958/Contact+us#Information-Security-(IS)

Contact us | Information Technology (IT)

Researchers

https://security.utoronto.ca/services/research-information-security-program/

Related articles