Encryption is a useful measure you can apply to protect your data, especially when other data protection methods, such as high-security storage options or de-identification of the data, are not feasible or when multiple protection methods should be applied to the data. The following provides a basic description of a few encryption methods and how they should be applied.

Full Disk Encryption

Full disk encryption (FDE) encrypts the hard drive of your computer; this is important because if your computer is lost or stolen the hard drive can be removed and the information on it accessed if it hasn’t been encrypted, even if your computer is password-protected. Anyone working with research data that is stored, even temporarily, on their computer’s local hard drive should ensure that FDE is active.

NB: Most users of the VU Cloud-based storage solutions, Research Drive and SURFdrive, will use the desktop client to sync the data to their local hard drive. If this applies to you, you should always have FDE active and you should take additional steps to keep the data secure.

Additional information on these FDE options can be found on VUnet.

Filesystem-level Encryption

Filesystem-level encryption (FLE) encrypts individual files or entire folders. There are many different types of FLE software and unfortunately, VU IT does not provide support for these encryption tools. Many are free and fairly easy to use, however. Unfortunately, if you work on a green or orange workstation you will need to get help from the IT Service Desk () to install most of these encryption tools. Also, if the encrypted files and folders need to accessed on more than one computer, than every computer needs to have the software installed to be able to de-encrypt the files/folders.

Encrypted Portable Media

Information on encrypted portable media can be found in the guide on Secure Physical Data Transport.

Passwords

Set strong passwords when encrypting your media. For further information on strong passwords, review the Security Basics.

Long-term encryption

Encryption standards change over time because, as computers become more powerful, it becomes easier to break older encryption methods. If encrypted files will be stored for long periods of time, it is important to re-assess regularly whether the encryption used still meets current standards. If data will be encrypted and stored for more than 5 years, you should ensure that someone on your research team will monitor whether your encryption methods should be updated. Updates are necessary whenever an encryption standard has been cracked or has been shown to be vulnerable. The IT Service Desk can help with this assessment.