Encryption Guidelines
If sensitive information must be kept, keep it encrypted.
Overview
Encrypting files helps protect information when those files end up in the wrong hands. The UGA Data Classification and Protection Standard requires encryption for mobile devices, attachments, and other contexts in which data are accessed or stored.
Encrypting/decrypting files usually involves the creation and use of a password, so individuals should consult the UGA Password Standard before selecting a password for an encrypted file.
Recommendations
Below are recommendations on the best encryption solution(s) to use in commonly encountered
situations at UGA. Faculty and staff are advised to consult with departmental IT staff
before implementing any of these recommended solutions.
Situation | Recommended Solution | Comments |
---|---|---|
Sending sensitive files via email to external parties | SendFiles | Use SendFiles to send a link to an encrypted file. SendFiles provides better security, access control, and non-repudiation than traditional email. |
Sending sensitive files via email to internal parties | SendFiles or MS Office | SendFiles is preferred and provides better security and control. If, for some reason, SendFiles cannot be used, MS Office documents can be encrypted before being shared with or sent to an internal recipient. |
Storing sensitive data in individual documents | MS Office | Microsoft Office has built-in strong encryption that is easy to use. However, each document has to be encrypted individually as needed. |
Storing sensitive files in a cloud service like SkyDrive | MS Office or BoxCryptor | For individual documents, built-in MS Office encryption is preferred because it uses strong encryption and is very easy to use. If other files need to be stored on a cloud-based storage service, BoxCryptor can be used to automatically encrypt files before they are uploaded to the cloud. |
Storing / accessing sensitive data in several files | BitLocker | Rather than encrypting files individually, use BitLocker (for Windows) or FileVault (for Macs) to create an encrypted volume that can store as many files as needed in a convenient encrypted directory that can be accessed at any time. |
Retaining / archiving sensitive records | SendFiles | Files stored on SendFiles are stored in an encrypted format, backed up in an encrypted format, and accessible by authorized users via a webpage interface. SendFiles supports file aging, so that archived records can be automatically deleted when they are no longer needed. |
Sensitive devices needing full disk encryption | BitLocker | Use BitLocker to create an encrypted volume or consider an alternative whole disk encryption solution. |
SendFiles
- Visit the EITS SendFiles page or contact the EITS Help Desk for more information on using SendFiles.
- Log in to SendFiles here.
Microsoft Office 2007 - 2010
Built-in encryption in Microsoft Office 2007 and 2010 is easy to use and provides adequate security for exchanging files within UGA. You can find out how to use this MS Office feature here:
The Encrypt Document feature is not recommended for versions of MS Office before 2007. The encryption used by these versions of Office is considered weak and can be broken with widely available "cracking" tools.
BoxCryptor
BoxCryptor is a tool for securing cloud services. With BoxCryptor, files are automatically encrypted locally before being stored with a cloud service. You can then access those files from any of your devices and have BoxCryptor automatically decrypt them as needed. BoxCryptor offers a free version for Windows, OS X, Linux, iPhone, iPad, and Android that will support 1 cloud drive.
Help
Please contact the Office of Information Security via the EITS Help Desk if help is needed identifying an appropriate encryption solution.