Information Security

Encrypt your laptop

Protect University information from being leaked if your laptop is lost or stolen.

Encrypt your laptop, your desktop and your mobile devices

A password or PIN on a computer is not sufficient to protect sensitive data. (A thief could easily take out the hard disk and read it on another computer.) Encrypting your whole hard disk protects your data even if the device is stolen and dismantled by a thief.

You can encrypt any sensitive data in email messages, or that you upload to the"cloud", or that you take outside your office or workplace (for example on a laptop or on small portable storage device like a USB stick).

What this means in practice

In general, encrypt your laptop and your devices. Any device you use for University business should be encrypted. 

However, you don't need to encrypt devices that you are certain do not contain sensitive information.  For example, you may be absolutely certain that the files you copy onto a USB stick, for a specific purpose, has no sensisitivies. 

Take a measured and considered approach:

  •  If it's general data like that which accummulates on a laptop, encrypt the whole device. That way you need not worry if someone sends you information or an email message with sensitive data.    
  • If it's a USB copy of a document you need, and you know it's not confidential or sensitive, there's no need to encrypt that.

Encrypting  devices and documents

Situations where you cannot use encryption

Needing to use an old computer

Special circumstances may prevent your use of encryption.  For example, you may need to use an old computer to control a special device or lab equipment at work. Upgrading the computer might mean the software would no longer work.  The way to protect this type of device, is to avoid connecting it to the network, or connect it to a network specially set up for your laboratory work.

For information how to do this, discuss with your local Computer Officer, and refer them to the Information Security Team.

Contacting the Information Security Team, or reporting a security incident

Take a risk-based, mitigative approach, to minimise the impact should the computer be stolen, lost or broken.

Travelling into countries where encryption is forbidden

When travelling to countries which do not permit encryption, take a new, or specially erased computer instead, and use that to access any information you need over the network. There are some quite deep complexities in this area though. Refer to the link below for more information.

Secure international travel