Faculty Encryption Guide

Here is your cleaned-up and formatted HTML, optimized for Drupal CMS with all requested accessibility, layout, and Bootstrap 5 improvements:

Summary

This guide provides an overview of “in-place” or “data at rest” encryption. The focus is on workstation (or desktop), laptop, and external drive encryption to protect your information—especially research data—from unauthorized access. It does not cover “data in motion,” which refers to encrypting file transfers on a network.

Encryption Methods

These are various approaches or methods of encryption that can be used.

1. Full disk encryption: encrypting all data on the storage media.
2. Container or volume encryption: designating a specific virtual container or disk volume to encrypt.
3. File or folder encryption: specifying files or folders to encrypt as needed.
4. Application encryption: using an application that is capable of encrypting the data.

Full Disk Encryption

Full or whole disk encryption encrypts all the data on your hard disk. For example, you can encrypt external disks or laptops so the data is protected if lost or stolen. If you are working with confidential information, you should use a strong password and whole disk encryption. The software used to encrypt your disk varies depending on your operating system.

Considerations

• All information is automatically encrypted by the installed software.
• Loss or corruption of authentication credentials or keys would result in loss of the entire system.
• May affect system performance (e.g., processing overhead can cause slowness).

Container or Volume Encryption

Container or volume encryption provides a specific area that has encrypted data. For example, you can create a virtual encrypted disk using VeraCrypt (opens in a new window) . You would then mount that disk and store files there. Alternatively, a portion of your hard drive can be partitioned to store encrypted data separate from your operating system. In general, it’s easier to use full disk encryption on a separate data hard disk—either internal or external. You may also use a container on a USB drive for only the data you want to keep confidential.

Considerations

• Information is encrypted when placed on the designated volume or container.
• Loss or corruption of authentication credentials or keys results in data loss for that volume only.
• Requires manual effort to ensure sensitive data is stored in the encrypted location.

File or Folder Encryption

Each specific file and/or folder can be encrypted using a password. This is helpful if you only have a few items to protect. If you have more data to secure, it is generally easier to store it on a separate encrypted disk.

Considerations

• Each designated file must be individually managed.
• Loss or corruption of authentication credentials or keys results in loss of data in the affected files only.
• Requires manual management to ensure all sensitive data is encrypted.

Application Encryption

This method relies on specific applications (such as Microsoft Office or backup software) to encrypt files. The application manages the encryption process and credentials.

Considerations

• Only data used by the application is encrypted.
• Loss or corruption of credentials results in loss of data specific to that application.
• Users and admins must understand the encryption scope of the application.
• Data exported from the application may not remain encrypted.

Software Solutions

Cross-platform

For external disks used across different operating systems, we recommend VeraCrypt encryption software (opens in a new window) , an open-source solution for Windows, macOS, and Linux. You can create virtual encrypted disks or encrypt entire partitions.

Learn more by visiting the VeraCrypt Beginner’s Tutorial (opens in a new window) .

macOS

On macOS, use FileVault for full-disk encryption of your startup disk. See Apple’s FileVault documentation (opens in a new window) .

You can also encrypt external disks using Disk Utility. Refer to this guide from Apple (opens in a new window) .

Windows

Windows Pro and Enterprise editions include BitLocker for full-disk encryption. Enable it as an administrator and securely store your recovery key.

See Microsoft’s BitLocker overview (opens in a new window) and the BitLocker setup tutorial on How-To Geek (opens in a new window) .

Getting Help

If you work in the School of Social Ecology at UC Irvine and would like assistance encrypting your data, please contact Social Ecology Computing Services:

• Email: se.computing@uci.edu
• Phone: (949) 824-8202
• Website: Social Ecology Computing Services website (opens in a new window) 

For general guidance, refer to the UCI Security website (opens in a new window) .

Let me know if you’d like this in Markdown or plain text, or need a printable version.