Turn On Encryption
Turning on the encryption that comes with Windows or Apple devices ensures that a theft does not turn into a breach. Patients and research subjects rightly expect us to safeguard their health information. And because encryption is generally free and does not impact computer processing, an unencrypted stolen device often leads to enforcement penalties: https://www.hhs.gov/about/news/2019/11/05/failure-to-encrypt-mobile-devices-leads-to-3-million-dollar-hipaa-settlement.htmlEncrypting Personal Desktops, Laptops, and Tablets
Encrypting Managed Devices
All new BU managed devices (e.g., desktops, laptops, and tablets) come standard with encryption turned on. We are now working with individuals and departments to turn on encryption for older, managed devices. BU Data Protection Standards, Minimum Security Standards require encryption for all managed devices. http://www.bu.edu/policies/minimum-security-standards/
When we start the encryption process, there will be a small impact to performance. But there is no impact after the process is complete.
We have found that it generally takes a few hours to overnight for the encryption process to complete. So, we generally recommend starting the process when you end your work day (e.g., 5:00 p.m.)
Although it is very rare, there is a small chance that data will be corrupted during the encryption process. So, we recommend placing a copy of your important files and folders in BU Microsoft OneDrive. We have instructions here: http://www.bumc.bu.edu/it/support/storage-options/bu-onedrive/backup-local-folders-to-onedrive-windows/
To start the encryption process or to confirm your device is encrypted, send an email to firstname.lastname@example.org
Follow the instructions below to turn on encryption for your personal devices
Encrypting Personal Phones
If you bought your phone in the last two years and passcodes or biometric scans are required to unlock it, then encryption is automatically turned on. If you bought your phone more than two years ago, then it is likely you have to manually turn on encryption by going to settings.
Encrypting Personal Desktops, Laptops, and Tablets
1. Check to see if your personal device has encryption enabled.
- On a Windows computer, below are steps to find if you have BitLocker enabled. Note: if you do not see that you have BitLocker on your computer, then you either have an older version of Windows or Windows 10 Home. Please update it to Windows 10 Pro.
- On an Apple computer, below are steps to find if you have FileVault enabled
2. If your personal device does not have encryption enabled, then follow these steps.
- BitLocker is ONLY available on the following editions of Windows: Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education
- If you have Windows 10 Home, the minimum cost to upgrade is $99 USD to the Windows 10 Pro edition. After you complete the upgrade, proceed to step 3.
- Enable encryption by following these instructions here: https://support.microsoft.com/en-us/help/4028713/windows-10-turn-on-device-encryption
Note: As you’re going through the steps, be sure to save your recovery key by printing/writing it on paper and save it to a cloud location of your choice.
- FileVault 2 is ONLY available on the following editions of Mac OS: Mac OS X Lion (10.7) and later.
- It is free to upgrade your Mac operating system.
- Enable encryption by following these instructions here: https://support.apple.com/en-us/HT204837