If a portable device contains sensitive data (SSNs, bank account numbers, patient health information), it should be encrypted to avoid fines and criminal misuse if the device is lost or stolen. In addition, e-mail offers little to no privacy, which makes it a vulnerable platform for confidential communication. To share sensitive data, either use Secure Share or send an encrypted attachment.
Encrypting Laptops and Thumb Drives
The following are encryption instructions for Windows and Mac. Before encrypting, ensure you have a good backup.
- Windows: BitLocker
  - Drive Encryption Overview: https://technet.microsoft.com/en-us/library/Cc732774.aspx?f=255&MSPPError=-2147217396
  - Encrypting Thumb Drives: https://technet.microsoft.com/en-us/magazine/ff404223.aspx
- Mac OS X: FileVault
  - Enabling FileVault on El Capitan (10.11) or Yosemite (10.10)
    - With a recovery key (key escrow): https://support.apple.com/en-us/HT202385
  - Best Practices for Deploying FileVault2: http://training.apple.com/pdf/WP_FileVault2.pdf
Sharing Files with Sensitive Data
- Secure Share is a service that can transfer files securely between individuals affiliated with Penn when other mechanisms (e.g., secure, shared file servers) aren't available.
- Another option (especially for sharing information with individuals outside of Penn) is to put the sensitive data in a document, encrypt it, and send it in an email:
  - Put sensitive data into a document using Microsoft Word/Excel 2007 (or later) or use WinZip.
  - Select Save As > Tools > General Options > Password to open
  - Set an unguessable password:
    - Correct: CebCavuts9 or NutellaToastMelonBun
    - Incorrect: W3Lc0me123 (Attackers use tools that trivially make substitutions like 3 for E, etc.)
  - Call the recipient and tell them the password.
NOTE: Setting a password to modify is optional. However, using only this password is not strong enough to protect the document. You must set a password to open to encrypt the document securely.