FileVault full-disk encryption, also called FileVault 2, is the approved encryption method for Macintosh computers used at CUIMC, see this article for an overview of how it works.

When FileVault is first turned on it encrypts all data stored on the computer's hard disk. It may take a while to finish the initial encryption but you can use the Mac while it is running.

Before Turning on FileVault

• Make sure you have run a recent backup of the Mac as per CUIMC requirements. If issues occur during initial encryption this may be the only way to regain corrupted files.
• Make sure your Mac is using its power cord and not running off of battery power. Interruptions due to loss of power can result in corrupted files.
• It is also highly recommended to first check for and repair any hard disk errors using Disk Utility.

Turn on FileVault

1. Open System Preferences from your dock or the Apple drop down menu in the upper right.
2. Select the Security & Privacy icon.
   
3. Select the FileVault tab from the menu bar.
   
4. If the padlock in the lower left corner is closed, click on it and type in the Mac's Admin password when prompted.
5. Select the Turn On FileVault button in the upper right of the window.
   NOTE: If the Mac has multiple login accounts set up, you will see a list with a button to Enable User... next to each. Please see information on Apple's Use FileVault page for help.
6. A window with your unique recovery key will appear. Copy it down carefully and store it in a safe, secure place off of your Mac. It is the only other way to gain access to your encrypted Mac if you forget your login password.
   
7. Click the Continue button once you have copied and secured your recovery key.
8. At the next window, select the option to Create a recovery key and do not use my iCloud account, then click Continue.
   Apple does not have the required Business Associate Agreement with CUIMC to store keys or information pertaining to confidential and sensitive data.
   
9. At the next prompt click the Restart button. The computer will restart and begin encrypting the full disk.
   • It is ok to use the computer as it is encrypting.
   • To view the status, return to the Security & Privacy option in System Preferences. It will show the approximate time remaining.
     

When the encryption process has completed, FileVault will remain enabled. Keep in mind that while you are logged in to the Mac, data is not encrypted and can be read by anyone with access to it. Be sure to set up a screensaver lock and require a password if the computer is left unattended after a short period of time.