File and Drive Encryption
Security measures need to match the risk of the data. Regular data is reasonably secure when you use a UU laptop and store data in UU-approved storage like Yoda, Surf Drive and UU-OneDrive. However, if you process sensitive data, you should apply more secure measures. One of these measures is Data Encryption.
Why do we use encryption? To help conceal private or sensitive information from those who are unauthorised to access it.
It is a method of securing data in a virtual vault with a password. Here we discuss two different kinds of encryption, file-level and drive-level encryption.
Encryption is not fool-proof and requires choosing good passwords. https://intranet.uu.nl/en/information-security-choosing-secure-password
File Encryption
File encryption is helpful when you have individual files that you would like to send to others over possibly insecure connections or destinations such as email or uploading to cloud storage. An encrypted file is one that has had an encoding algorithm applied to it to scramble the data. The file becomes practically unreadable once scrambled, unless you have the password to reverse the effect.
You can encrypt individual files easily using 7-Zip, a common compression software found on most UU computers, and available for free at https://7-zip.org/. 7-zip is available for Windows, MacOS, and Linux.
- In Windows, right click on the file(s) you want to encrypt, and go to the 7-zip menu, in there, select “Add to Archive”.
- Encryption is only available for .zip and .7z compression methods, and will show up in the bottom right-hand corner of the add to archive screen.
- In that corner, enter a strong password, and use the AES-256 encryption method.
Drive Encryption
Drive encryption is an operating system technology that conceals the contents of an entire storage drive. If someone were to find the drive but doesn’t have the key or password, they would have a difficult time to decrypt and read its files.
All major operating systems, including Windows, MacOS, Linux and even iOS/iPadOS and Android support drive encryption. We provide links here how to enable drive encryption on Windows, MacOS, iOS, and some Linux providers. For Linux and Android users you will need to find the information on drive encryption from your device manufacturer or distribution maintainer.
Most operating systems have hard drive encryption enabled by default. You should check your device to make sure drive encryption is enabled. UU owned computers are configured with encryption enabled by UU ICT.
For external drive encryption you should either encrypt individual sensitive files as outlined above or use a USB stick to encrypt the whole operating system from the start.
Please read the UU ICT page on external drive security.