Laptops, smartphones, and USB drives are convenient but losing one can quickly become a serious security incident. It is a very real possibility that devices containing sensitive university and/or personal data can be lost or stolen. The good news is that encryption can make the difference between a costly data breach and a manageable inconvenience.
What’s at risk?
An unencrypted lost device can expose student records, employee personal information, research data, financial records, and university login credentials. In many cases, a single stolen laptop could trigger a FERPA or HIPAA compliance incident requiring mandatory reporting and potentially affecting thousands of individuals.
What is encryption?
Encryption scrambles the data on your device so that it is completely unreadable to anyone who does not have the correct credentials. Even if a thief physically possesses your laptop or flash drive, they cannot access the files stored on it.
What should you do?
- Laptops: University managed devices are already encrypted, no action needed on your part. If you use a personal laptop for university work, enable fulldisk encryption: BitLocker on Windows or FileVault on Mac. Contact ITS if you need help.
- Cell Phones: Personal and universitymanaged phones can both be encrypted simply by setting a strong PIN or passphrase. Both iOS and Android encrypt data automatically once a screen lock is enabled.
- Removable Storage: Avoid storing sensitive university data on USB drives when possible. If you must, use an encrypted drive.
Always report a lost or stolen device to ITS immediately. Prompt reporting allows us to remotely wipe university data before it can be accessed.