Encryption is the conversion of data into a format that is not readable or understandable without proper credentials. It provides extra security in cases where electronic information has been disclosed, whether accidentally or purposely and maliciously. Most encryption software uses a strong password as the credential that authorizes the data to be decrypted, or made readable again.
Once an encryption program is set up, it typically operates transparently. Files are automatically encrypted and decrypted when the proper credentials are provided. You may see a splash screen with the name of the encryption software and its activity when saving files, moving them or shutting down your computer.
In general, encryption can be set up in the following ways:
- Individual file and folder encryption - this encrypts only the data or locations that you specify, whether on a computer or removable media such as a USB key, disc, external hard drive, SD card, etc. Some of these programs can also be used to send encrypted email attachments.
  - Most programs providing this type of encryption allow you to select a password specific to the individual file. This allows you to give an intended receiver a password that you don't already use to encrypt other files (or to log in to your computer).
  - Some programs require that when you save the file, you specify that it should be encrypted and select a password. The encryption program will include the ability to decrypt with the proper password, so the receiver does not need to have the same encryption software installed on their computer.
  - IMPORTANT: For security, CUIMC email will block or quarantine individually encrypted or password protected attachments. Secure Email (#encrypt at the beginning of the subject line) must be used instead.
- Full disk encryption (FDE) - installed on a computer, external hard drive, or USB key, full disk encryption automatically encrypts all data stored on the drive or "disk".
  - On computers, the authorization to access encrypted data is often tied to the user/computer login; an additional password won't have to be typed in.
  - On an external hard drive or USB key, the encryption software will typically prompt for the authorized password when it is "mounted", or connected to a computer - though the prompt may not appear until you attempt to open a file that is stored on it.
  - IMPORTANT: In general, files are NOT encrypted when opened, sent through email, or moved to an unencrypted location off of the computer. This is because decryption has already occurred when authorization was provided (successful computer login).
- Pre-boot authentication (PBA) - this protects a computer as it starts up, before the operating system loads. It provides a higher level of security than full disk encryption, which does not encrypt a computer's operating system files. See Encryption Requirements for information on equipment that must support PBA.