It is our duty to protect University information from being leaked. Encrypting our devices properly can protect sensitive data effectively.
Whether we use our own devices or University-owned ones, if we handle work-data on them(work email, for instance), we need to secure these.
Therefore, any device we use for University business or contain sensitive information should be encrypted.
However, you don't need to encrypt devices that you are certain do not contain sensitive information. For example, you may be absolutely certain that the files you copy onto a USB stick, for a specific purpose, has no sensisitivies.
The link below gives more advice on encrypting devices and documents.
Needing to use an old computer
Special circumstances may prevent your use of encryption. For example, you may need to use an old computer to control a special device or lab equipment at work. Upgrading the computer might mean the software would no longer work. The way to protect this type of device, is to avoid connecting it to the network, or connect it to a network specially set up for your laboratory work.
For information how to do this, discuss with your local Computer Officer, and refer them to the Information Security Team.
Contacting the Information Security Team, or reporting a security incident
Take a risk-based, mitigative approach, to minimise the impact should the computer be stolen, lost or broken.
Travelling into countries where encryption is forbidden
When travelling to countries which do not permit encryption, take a new, or specially erased computer instead, and use that to access any information you need over the network. There are some quite deep complexities in this area though. Refer to the link below for more information.
Regularly backing up is important. It makes sure you won't lose important information once your device breaks or being stolen.
Here is more information about Backups & Deletion
If the device is passed from one person to be used by another at work, you MUST erase all data from it, and in particular:
- delete all configured email accounts (they would give a subsequent user access to your email)
- delete all remembered WiFi access points (they would contain your WiFi password for example for EDUROAM)
- re-install any departmental configurations for your workplace
In short: you should completely erase all configurations from these devices before you hand them to a new user. Don't forget, if you are handing your old phone to a member of your family, erase it first.
Here is more information about Backups & Deletion
The University requires that where possible, all personal data is stored securely.
Proper encryption and backups ensure that even if there is a breach, data is not immediately able to be exploited by hackers and any data affected can be recovered with minimal disruption.
It is essential that if you are processing the personal data of others or are taking part in research, that you consider how you will be backing up and securing any data you collect, generate and store.