Information Security Initiatives: Encrypting Desktops and Laptops

Posted April 25th, 2018 at 12:10 pm.

As part of the College’s continuing efforts to improve our information security, LITS is preparing to deploy full disk encryption technologies to College Windows and macOS devices.

On a day-to-day basis, this change will not be noticeable to you.  However, it will better protect the data you have stored on your computer both when you’re here and when you travel.

A few individuals have already been enrolled in the encryption program.  If you’re getting a new computer or having substantial work done on your computer (such as an operating system change or a “re-image”), we’ll enroll you as part of that process.  For those not due for a new computer or operating system change, more info will be forthcoming.

Once your computer is encrypted, there are some additional considerations when it comes to international travel. Please contact the Help Desk well in advance of your travel for a LITS consult, particularly if the US State Department indicates that encrypted devices may be a challenge for the country to which you are travelling — this warning is usually indicated for China and Russia.

This is still a new initiative for us, and more information will be posted soon.  In the meantime, if you have any questions or concerns, please contact the Help Desk (x7440, help@brynmawr.edu, http://lits.brynmawr.edu) to request a consultation.

 

About Full Disk Encryption

“Full disk encryption, also known as whole disk encryption, protects data that’s at rest on a computer or phone, as opposed to email and instant messaging data that’s in transit across a network. When done effectively, it prevents any unauthorized person, including phone and computer makers themselves, from accessing data stored on a disk. This means that if you leave your laptop or phone behind in that Uber driver’s car, or some shifty government agent tries to access your computer at an airport or other border crossing, they won’t be able to get at your data without your help—even if they remove the hard drive and place it in another machine.” — https://www.wired.com/2016/07/hacker-lexicon-full-disk-encryption/

With our staff and faculty travelling so often, and many reports of various data breaches and intrusions on individual computers, it is necessary to provide this basic level of protection. Disk encryption prevents unauthorized users from gaining access to data by directly accessing the hard drive without valid credentials.

Your password is still a part of the equation — a strong passwords prevents unauthorized parties from gaining access to the computer “normally” — the encryption technology protects against other means of accessing the drive directly.  You should also be sure to follow the College Data Handling Policy, and minimize or eliminate sensitive data stored on your computer hard drive.

Synergies: The deployment of this technology to a given computer includes bios/firmware updates which are also required for mitigation of the Spectre and Meltdown vulnerabilities in the Intel chips.

 

Filed under: Announcements by Amy Pearlman

Comments are closed.