Enterprise Information Technology Services: Home

access and security

Office of Information Security

Encryption Guidelines

If sensitive information must be kept, keep it encrypted.

Overview

Encrypting files provides helps protect information when those files end up in the wrong hands. The UGA Data Classification and Protection Standard requires encryption for mobile devices, attachments, and other contexts in which data are accessed or stored.

Encrypting/decrypting files usually involves the creation and use of a password, so individuals should consult the UGA Password Standard before selecting a password for an encrypted file.

Recommendations

Below are recommendations on the best encryption solution(s) to use in commonly encountered situations at UGA. Faculty and staff are advised to consult with departmental IT staff before implementing any of these recommended solutions.
 

Situation Recommended Solution Comments
Sending sensitive files via email to external parties SendFiles Use SendFiles to send a link to an encrypted file. SendFiles provides better security, access control, and non-repudiation that traditional than email.
Sending sensitive files via email to internal parties SendFiles or MS Office SendFiles is preferred and provides better security and control. If, for some reason, SendFiles cannot be used MS Office documents can be encrypted before being shared with or sent to an internal recipient.
Storing sensitive data in individual documents MS Office Microsoft Office has built-in strong encryption that is easy to use. However, each document has to be encrypted individually as needed.
Storing sensitive files in a cloud service like SkyDrive MS Office or BoxCryptor For individual documents, built-in MS Office encryption is preferred because it is uses strong encryption and is very easy to use. If other files need to be stored on a cloud-based storage service, BoxCryptor can be used to automatically encrypt files before they are uploaded to the cloud.
Storing / accessing sensitive data in several files TrueCrypt Rather than encrypting files individually, use TrueCrypt to create an encrypted volume that can store as many files as needed in a convenient encrypted directory that can be accessed at any time.
Retaining / archiving sensitive records SendFiles Files stored on SendFiles are stored in an encrypted format, backed up in an encrypted format, and accessible by authorized users via a webpage interface. SendFiles supports file aging, so that archived records can be automatically deleted when they are no longer needed.
Sensitive devices needing full disk encryption TrueCrypt Use TrueCrypt to create an encrypted volume or consider a whole disk encryption solution like PGP or MS BitLocker

SendFiles

Microsoft Office 2007 - 2010

Built in encryption in Microsoft Office 2007 and 2010 is easy to use and provides adequate security for exchanging files within UGA. You can find out how to use this MS Office feature here:

The Encrypt Document feature is not recommended for versions of MS Office before 2007. The encryption used by these versions of Office is considered weak and can be broken with widely available "cracking" tools.

TrueCrypt

TrueCrypt is an open source encryption system that provides a highly versatile and powerful set of tools for encrypting files, folders, or entire drives. TrueCrypt is free and works on Windows, OS X,and Linux. TrueCrypt is recommended for anyone who must handle or store sensitive information on a regular basis, especially on mobile devices.

BoxCryptor

BoxCryptor is a tool for securing cloud services. With BoxCryptor, files are automatically encrypted locally before being stored with a cloud service. You can then access those files from any of your devices and have BoxCryptor automatically decrypt them as needed. BoxCryptor offers a free version for Windows, OS X, Linux, iPhone, iPad, and Android that will support 1 cloud drive.

Help

Please contact the Office of Information Security via the EITS Helpdesk if help is needed identifying an appropriate encryption solution.