ITS

Information Technology Services
Information Technology Services

Best Practices

padlock iconEncryption Best Practices

Encryption is a systematic way of scrambling the information on a device or hard drive to prevent unwanted access to that information. Desktops, laptops, tablets, phones and external USB drives can be encrypted.

University data and the personal information of any student, staff or faculty member should not, as a general rule, be removed from campus in any format, including digital.

The consequences of a lost or stolen USB key, external hard drive, laptop, tablet, cellphone, or other similar electronic device that may contain personal or sensitive data can be dramatically reduced by ensuring that these devices are encrypted.

 

  1. Know what your responsibilities are.
    • Encryption policies should be reviewed with new employees and current employees at least once a year.
    • Take the Information Security Awareness Course offered on Moodle. (Login using your NetID).
  2. Did you know the loss of a device that contains personal information of any student, staff or faculty member is considered a privacy breach and requires certain steps to be taken?
    •  If the device is encrypted, it is not considered a privacy breach.
  3. A login password or screen saver password is NOT encryption.
  4. Buying a new computer?  Make sure you can encrypt it
    • Not all computers come with built-in encryption capabilities.
    • Make sure your new computer has a Trusted Platform Module (TPM) microchip. Computers that have a TPM have the ability to create a cryptographic code that requires an encryption key to unlock at the initial stage of the computer's startup process.
    • If your computer does not have an TPM chip you may still be able to encrypt the hard drive. Visit the IT Support Centre for more information.
  5. If you are emailing Queen's files that contain sensitive or personal information, those files must be encrypted.
    • Instead of emailing personal files, store the data online and send a link that requires authentication. 
  6. Whenever possible do not store personal or confidential data on your computer. Use a secure remote service like Windows File Service, OneDrive for Business or QShare.
  7. Third-party cloud storage services are not to be used to store or share sensitive or personal university data unless Queen's has entered into a service agreement with the provider. QShare, OneDrive for Business, and Windows File Share are secure methods of storing and sharing sensitive or personal university data.
  8. A computer does not need to be lost or stolen for data to be at risk of loss. Cyber criminals are increasingly targeting sensitive information on business devices by writing malicious code that can steal information from computers without the user's knowledge.
    • Install anti-virus software and regularly scan your devices for viruses, trojans and spyware.