Quick Guide to Data Encryption at Queen’s
This is an overview of encryption of popular mobile device types. For further information please use the contacts below or consult the device handbook.
** Please ensure all your data is backed up before commencing the encryption process **
To check a Microsoft Windows® Laptop - Hit Start, type BitLocker, then click Manage BitLocker – if Bitlocker is enabled the only option available will be turn BitLocker off -so your laptop is encrypted.
To check an Apple® device- On an Apple iOS device (iPhone, iPad), if it has a passcode, it's encrypted. On an Apple MacBook, you either look at System Preferences, Get Info on Finder, or else reboot it – if it asks for a login you are encrypted.
For all other devices check manufacturer’s instructions or refer to the Contacts section on this page.
Note: all of the encryption methods listed below require a password or other memorable data. Be sure that you remember this, or document it securely away from the encrypted device. If you forget/lose the password your data may not be recoverable.
Bitlocker® is a full disk encryption feature included in Windows Professional and Enterprise versions back to Windows 7. To Setup Bitlocker on a laptop click here. Windows Phones from v10.1 have encryption options in the setting menu, for older versions of Windows Phone use BitlockerToGo as described in the USB storage encryption section below.
FileVault® is the technology that Apple offers to encrypt the files on the hard drive. FileVault must be enabled on all Queen’s mobile Apple devices. Setting a passcode/phrase or biometric verification will automatically enable FileVault device encryption on iOS devices (iPhone, iPad). On macOS devices (MacBook) setup FileVault.
Android versions 4.0 and above allow encryption of the device through the security option in system settings. Always set a passcode on your device and ensure that any removable memory e.g. Micro SD card is encrypted. Consult your device handbook for further advice.
Microsoft Devices - BitlockerToGo is the recommended USB storage encryption – you do not need to turn on Bitlocker on your computer for this to work.
- Insert the USB storage device and right click on the assigned drive letter
- Select “turn on Bitlocker”
- Enter a password which conforms to the QUB password policy and confirm
- Save the recovery key to a safe place on your desktop or laptop
- Encrypt the drive
You will need to enter the password each time you mount the drive in a computer. If you forget the password you will need to use the recovery key to restore the data. DO NOT LOSE BOTH.
Apple Devices - Use the Disk Utility application to format the USB storage with AES-256 encryption or for storage already in use simply right click on the drive and select 'encrypt'.
USB Hardware based encrypted storage - In some cases it may be easier to use USB storage which has built-in full disk encryption. Use a device which has 256 bit hardware based AES encryption – these can be purchased from the Internet at relatively low cost e.g. Kingston, Integral, and SanDisk.
To encrypt Microsoft Office® and Adobe® attachments e.g. Word, Excel, pdf use the password protect option in the document. Use a minimum of 12 characters in the password to ensure adequate protection. Do not send the password in the email – where possible send the password by another method e.g. SMS Text. Business areas emailing sensitive data on a regular basis should consider using commercial zip/encrypt applications like WinZip®, 7Zip®.
IT Service Desk | (028) 9097 3760 | firstname.lastname@example.org |
Data Security | email@example.com |
Last Updated: January 2017