Encrypt confidential, sensitive, or high-risk information
To better protect the sensitive data that the University of Delaware collects, all computer files that contain confidential, sensitive, or high-risk information must be encrypted.
Encryption is a process whose goal is to make data usable only by those who are authorized to do so. When you encrypt a file you use a specific key to make a copy that is generally unreadable. The file can only be decoded using a matching decryption protocol and an appropriate decryption key. In essence, encryption is a form of digital lock that prevents anyone from accessing data without one of these keys. If a computer is stolen or used by someone without permission, encrypted files and folders will be inaccessible.
The two topics below describe UD's encryption guidelines.
PII Storage and Encryption
- Any files containing sensitive Personally Identifiable Information (PII), including, but not limited to, Social Security numbers and health information, must be stored safely, preferably on a central UD service that uses encryption.
- Files containing sensitive PII stored on departmental file servers, personal computers, or other departmentally managed devices or storage must be encrypted.
- You must always re-encrypt a file if you've made any changes to it.
- Delete unencrypted copies of a file after you've made an encrypted version.
- AES Crypt, like some other encryption software, makes an unencrypted copy when you open an encrypted file. Delete the unencrypted copy when you are done viewing a file.
- Remember the key (password) you used to encrypt your files. If the key gets lost, there is NO way for IT, or anyone, to decrypt files encrypted with AES Crypt. They will remain encrypted and inaccessible forever. (See Encryption Key Management below for more information.)
- Contact your department's or college's IT Professional or the IT Support Center if you require assistance while working with encrypted files.
Encryption Key Management
- Work with your unit administrator to decide how you will select encryption keys. You will do one of the following:
  - If IT encrypted one or more of your files with AES Crypt, you can continue using the key IT provided.
  - If you choose to use your own key, you will need to choose a strong key that is impossible to guess. You are advised to use random letters, numbers, and symbols. Consider using a password generator to create a secure key.
- Check with your unit administrator to understand how your unit will keep encryption keys secure and available for operational continuity. Your unit's encryption keys:
  - must be secured from loss, destruction, unauthorized access or modification at the same level as the data they protect.
  - must not be stored or sent in clear text that identifies them as encryption keys or that identifies the file(s) they protect.
- When sharing an encrypted file, send the key using a different communication channel from the one used to send or share the encrypted file. For example, do not send the key in the same e-mail message that contains a link to the encrypted file or that includes the encrypted file as an attachment. Instead, communicate the key using a separate e-mail, a phone call, or an in-person meeting.
- Remember the key (password) you used to encrypt your files. If the key gets lost, there is NO way for IT, or anyone, to decrypt files encrypted with AES Crypt. They will remain encrypted and inaccessible forever.
Recommended encryption tool
IT recommends using AES Crypt, software that will encrypt files on Windows, Macintosh, and Linux computers. We have published directions for installing and using AES Crypt on Windows computers. If you require assistance using AES Crypt on a Macintosh or Linux system, check with your department's IT professional or contact the IT Support Center.
UD IT routinely scans University servers to identify unencrypted files containing Social Security Numbers (SSNs). Any unencrypted file containing SSNs found on the servers will be encrypted with AES Crypt. If you see a file with the ".aes" file extension, it has been encrypted. To receive the password to decrypt the file, contact the IT Support Center.
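A self-check for two conditions described above, a plaintext copy left beside its ".aes" file and an unencrypted file holding SSN-like text, as an added example that is not UD's scanner or AES Crypt's own code. The function names, the SSN pattern, and the sample files are assumptions constructed for illustration; it relies on AES Crypt naming the encrypted copy of "name.ext" as "name.ext.aes".

```python
import os
import re
import tempfile

# Assumed pattern: 3-2-4 digits with dashes. Only plain-text content is matched;
# compressed formats such as .xlsx or .docx would need to be unpacked first.
SSN_RE = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")

def audit(root):
    """Return (leftover_plaintext, unencrypted_with_ssn) path lists under root."""
    leftovers, ssn_hits = [], []
    for dirpath, _dirs, files in os.walk(root):
        names = set(files)
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(".aes"):
                plain = name[:-4]  # AES Crypt appends ".aes" to the original name
                if plain in names:
                    leftovers.append(os.path.join(dirpath, plain))
                continue
            try:
                with open(path, "rb") as fh:
                    data = fh.read(1_000_000)  # first 1 MB is enough for a check
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
            if SSN_RE.search(data):
                ssn_hits.append(path)
    return sorted(leftovers), sorted(ssn_hits)

def demo():
    """Run the audit on a constructed sample folder (all values are fake)."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "roster.csv.aes": b"constructed placeholder, not real ciphertext",
            "roster.csv": b"name,ssn\nJane Doe,000-12-3456\n",  # left after viewing
            "payroll.txt": b"Sam Roe 000-98-7654\n",            # never encrypted
            "notes.txt": b"meeting at 3pm\n",                   # nothing sensitive
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        left, hits = audit(root)
        return [os.path.basename(p) for p in left], [os.path.basename(p) for p in hits]

if __name__ == "__main__":
    left, hits = demo()
    print("Plaintext copies to delete:", left)
    print("Unencrypted files with SSN-like text:", hits)
```

Call audit() on your own folder path in place of the sample folder; it only reports files and does not delete or encrypt anything.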