To encrypt a laptop*, IT support staff will install a software update that turns on the encryption software that comes with the machine. For Microsoft Windows laptops and tablets, it is called BitLocker, and for Apple Mac OSX devices it’s called FileVault2. Windows encryption takes place in the background so you can keep working.
*If you have a laptop that runs Linux (or another Unix-based operating system), you will be required to self-implement full disk encryption, and also create and manage a recovery key for the local drive.
Notes regarding encrypted laptop drives:
- If you’ve enabled drive encryption manually, it’s recommended that you de-crypt the drive, and have your local IT support staff re-encrypt it, so the recovery key is automatically created and saved for your safety.
- Laptops shared by several people will work just as they do now. Individual users will sign on with their own HawkID and password.
- It’s important to understand that once a laptop is turned on and you’ve logged in, the drive is decrypted in order to operate. Full disk encryption does not prevent your laptop or tablet from getting malicious software ("malware"), or from being compromised by cyber-attackers while it’s being used.
- The encryption recovery key, which is safely stored away in the event it’s needed, does NOT include a backup of your information. You are strongly advised to store information in secure network storage services such as OneDrive or in departmental file storage space, so backups are regularly created.
- Laptops should never be left turned on and unattended. Configure the device to activate the screen saver after a few minutes of inactivity, and require the password to reopen it.