RRU uses and stores a lot of data that is confidential, sensitive, personal or just plain private. With the much publicized data breaches at the University of Victoria, the need for mitigating risk related to data theft and loss has become very apparent. Data encryption is a solution widely practised for this purpose. Safeguarding sensitive data is a legal requirement under the Freedom of Information and Protection of Privacy Act (FIPPA) and the office of the information and privacy commissioner states “encryption is the minimum standard for devices like laptops and USB drives”.

 
In keeping with this legal requirement, RRU has implemented an encryption solution for USBs across campus.

  • IT Services is responsible for getting this work done.
  • Each person who uses a USB stick to transport personal data is responsible for ensuring that they are in possession of an appropriate piece of equipment.

USBs

We have selected the Kingston DataTraveler 4000 (256 bit AES hardware based data encryption).  These are not provided centrally but if you have a need for a flash drive to move data from point A to B, please let us know and we will provide you with an encrypted flash drive for this purpose if we have any on hand.  If we do not, we can help you source one. Please give some thought to whether or not you really need to transport data this way because, as in all cases, it is best NOT to store sensitive data on a portable device.

What will I do differently?

You will be required to enter a password in order to view the encrypted data on the USB stick. The password is assigned in advance. After you entered the password, work normally. When you close the USB stick, it’s encrypted again.

Laptops

Windows computers:

We are using a product called TrueCrypt, which allows us to "whole disk encrypt" our laptops. Whole disk encryption means that the entire hard drive is encrypted - including operation system, applications, and data. Absolutely NOTHING is available on that laptop unless the person using it knows the encryption password, which is different from your usual username/password combination.

What will I do differently?

Once your laptop is encrypted, you will need to enter a new password in order to unencrypt the laptop every time you start the computer (almost immediately… and that password is assigned in advance). Everything after that is exactly the same as always.

Mac Computers:

We are making use of built in encryption software (Lion and above).

What will I do differently?

You will enter your regular username and password & the system will use these credentials to unencrypt the machine. It will then continue booting and log into the network as usual (there is not seperate username/password for the encryption piece).

Cloud Storage

Many people use cloud storage instead of USB sticks. If you’re using cloud storage, you probably already have a Dropbox/Google Drive/Skydrive account. If you are not already using it, check it out to see if it fits. Users of cloud storage can install TrueCrypt and then run the volume creation wizard to create a virtual encrypted disk.

More information here (There are other cloud encryption options available)

Getting the work done

IT-Services will need to encrypt your laptop. How?

  1. We are currently upgrading all L08 computers, which includes some laptops. We are encrypting those laptops as we install them. People receiving new laptops have already been contacted or will be, in the coming weeks as we build and work through a schedule that ends on December 31st.
  2. If you have a laptop that is newer than the 08s (so, L09, L10, L11…), you will be contacted in the new year when we will build and work through a 2nd phase schedule, which will likely involve us needing access to your laptop for a few hours in order to do the work. More details on that when available.

A new password? What if I forget this encryption password?

If you forget your encryption password, you will not be able to use your computer or USB stick. That is the whole point (well, it’s not to lock YOU out, it’s to lock out a thief!).

YOU may call the helpdesk at:

 250-391-2659 or 1-866-808-5429

(or email us using your smart phone, iPad etc.) We’ll authenticate you and then give you the password so that you can carry on.

Can I share my password?

If you are loaning your laptop or USB stick to a colleague, you will need to give him/her the password, otherwise, they won’t be able to unencrypt it. And we're not worried about your colleague, another RRU employee, running off with your mobile device.

What about other devices?

Who do I talk to if I have questions about encryption?

Please do not hesitate to contact Cecelia David if you have questions or concerns.

Notice to travellers:

Encryption technology is restricted in some countries. Some countries may require a permit to bring encrypted devices into the country. We recommend that anyone planning to travel to a foreign country with an encrypted device should contact Foreign Affairs and International Trade Canada prior to departure.

Interesting documentation related to this subject: