Encrypt My Devices

Encrypt My Devices

How and why encryption is essential at UBC

SECURE IT: Encrypt your Devices Today

What is encryption?

Encryption is a method of preventing unauthorized access to electronic data. It is used to protect data on devices such as computers, laptops, cellphones, or USB sticks. It can also be used to protect data during transmission. For example, after you enter your credit card details to purchase something online, your computer automatically encrypts that data so that others cannot steal this information when it is transmitted over the internet.

Encryption is imperative for sending sensitive information, securing your documents, keeping your email private and, ultimately, it allows for peace of mind if a computer is misplaced, lost or stolen.

19,328,254 records were lost/stolen from the Education industry in 2015.

Malicious outsiders are responsible for most security breaches.*

Only 4% of data breaches involved encrypted computers in 2015.

Encryption renders stolen data useless.*

*Both statistics from https://safenet.gemalto.com

1What happens when I encrypt my devices?

Encryption is the process of scrambling information, making it unreadable in order to protect it from unauthorized access. When information is encrypted, you need a password to make it readable again.

Encrypting your desktop computer and mobile devices (including laptops) is the most effective way to keep your personal information and UBC’s data secure.

2Why should I encrypt my devices?

At UBC, we are regulated by the Freedom of Information and Protection of Privacy Act (FIPPA), which requires us to protect personal information from unauthorized collection, use, or disclosure. In support of the law, UBC policy requires that all mobile devices storing personal information must be encrypted.

Security breaches can cause a lot of wasted time, money, and stress, and can harm the university's reputation and the need for compliance requirements. But, in the event that your device is misplaced, lost or stolen, encrypted data will be unreadable without a password.

Devices are replaceable; personal or private information is not.

3How do I request encryption?

Encryption is provided for UBC faculty and staff at no cost in order to help with the protection of University confidential or sensitive data.

You can request encryption by contacting your faculty or department’s local IT support.

An overview of the encryption process for common devices and operating systems is outlined below:



Encryption Overview - what you need to know for Mac computers

Reminder: even an encrypted device is vulnerable if it does not have proper password protection. Your password should be unique, comply with the UBC password policy and if used as an encryption password comply with the key escrow requirements.

  • To check your computer to see if it has been encrypted, follow the instructions here.
  • The software takes less than 10 minutes to install per computer.
  • This software has little to no noticeable performance impact on your computer once the full encryption process is complete. Typically this takes 1-3 days.
  • You can also use your computer as usual immediately after the installation.
  • Restarting, sleeping, hibernating, and shutting down the computer will have no impact on the encryption process.
  • Once the software is installed, everything happens in the background, invisible to you. You will be prompted to restart a few times. Please follow the instructions on the screen. Do not be alarmed by restarts.
  • Encryption typically takes 1-3 days to apply. Occasionally it can take up to 2 weeks. You do not need to check on the progress. Please be patient.
  • You will notice a red McAfee logo on the top menu bar.

OS X 10.8.2 and above

  • We use a solution called McAfee Management of Native Encryption (MNE)
  • McAfee MNE partners with the Apple native encryption which is called Filevault v2.0
  • The log in process remains the same, you log in to your computer using your usual login username and password.

OS X 10.7 and below

  • The encryption service does not support your Operating System.
  • Contact your local IT Support to check if upgrading your Operating System is possible.

OS X systems with RAID

Encryption Overview – what you need to know for Windows computers

Reminder: even an encrypted device is vulnerable if it does not have proper password protection. Your password should be unique, comply with the UBC password policy, and if used as an encryption password comply with the key escrow requirements.

  • To check your computer to see if it has been encrypted, follow the instructions here.
  • The software takes less than 10 minutes to install per computer.
  • This software has little to no noticeable performance impact on your computer once the full encryption process is complete. Typically this takes 1-3 days.
  • You can also use your computer as usual immediately after the installation.
  • Restarting, sleeping, hibernating, and shutting down the computer will have no impact on the encryption process.
  • You will be prompted to restart a few times. Please follow the instructions on the screen. Do not be alarmed by restarts.
  • Encryption typically takes 1-3 days to apply. Occasionally it can take up to 2 weeks. You do not need to check on the progress. Please be patient.
  • You will notice a red McAfee logo on the system tray

Windows 7 Home or Professional

You should contact your local IT Support to check if upgrading your Operating System is possible. If not, we will follow these recommendations:

  • We will need to install McAfee Whole Disk Encryption as the native Windows encryption (BitLocker) is not compatible.
  • You will notice a grey McAfee screen upon boot up. This is the encryption screen. It uses your CWL username for authentication. If this is your first time seeing the screen, you will be prompted to create a password, as well as three recovery questions and answers. You may enter a different password from the one you use for your CWL.
  • If you forget your password, contact your local IT Support to reset it.

Windows 7 Ultimate or Enterprise

  • We use a solution called McAfee Management of Native Encryption (MNE) which partners with Microsoft’s BitLocker native encryption solution.
  • Once the software is installed, everything happens in the background, invisible to you.

Windows 8 (core)

You should contact your local IT Support to check if upgrading your Operating System is possible. If not, we will follow these recommendations:

  • We will need to install McAfee Whole Disk Encryption as the native Windows encryption (BitLocker) is not compatible.
  • You will notice a grey McAfee screen upon boot up. This is the encryption screen. It uses your CWL username for authentication. If this is your first time seeing the screen, you will be prompted to create a password, as well as three recovery questions and answers. You may enter a different password from the one you use for your CWL.
  • If you forget your password, contact your local IT Support to reset it.

Windows 8 (RT)

  • This operating system version is primarily for Tablet systems.
  • Microsoft’s Bitlocker native encryption solution is not supported on this operating system.
  • McAfee Whole Disk Encryption is not supported on tablets.
  • It is vitally important that you follow UBC’s safe data storage and data classification policies [PDF]

Windows 8 Professional or Enterprise

  • We use a solution called McAfee Management of Native Encryption (MNE) which partners with Microsoft’s BitLocker native encryption solution.
  • Once the software is installed, everything happens in the background, invisible to you.

Window 10 Home

You should contact your local IT Support to check if upgrading your Operating System is possible. If not, we will follow these recommendations:

  • We will help you setup the Window 10 (Home Edition) Device Encryption
  • If the Home Edition is not compatible, we will need to install McAfee Whole Disk Encryption
  • You will notice a grey McAfee screen upon boot up. This is the encryption screen. It uses your CWL username for authentication. If this is your first time seeing the screen, you will be prompted to create a password, as well as three recovery questions and answers. You may enter a different password from the one you use for your CWL.
  • If you forget your password, contact your local IT Support to reset it.

Windows 10 Professional, Enterprise or Education

  • We use a solution called McAfee Management of Native Encryption (MNE) which partners with Microsoft’s BitLocker native encryption solution.
  • Once the software is installed, everything happens in the background, invisible to you.

Windows systems with RAID

Encryption Overview – what you need to know for Linux computers

Reminder: even an encrypted device is vulnerable if it does not have proper password protection. Your password should be unique, comply with the UBC password policy, and if used as an encryption password comply with the key escrow requirements.

We will soon be recommending encryption standards for Linux devices. In the meantime:

Encryption Overview – what you need to know for mobile devices

Reminder: even an encrypted device is vulnerable if it does not have proper password protection. Your password should be unique, comply with the UBC password policy, and if used as an encryption password comply with the key escrow requirements.

iPhone and iPads

How do I know if my device is encrypted?
iPhones and iPads are not encrypted by default. However, if you password protect the device or use a thumb/finger print to access the device, it is encrypted.

How do I encrypt?
Turn on a passcode (which can be found under setting, usually in the “Touch ID & Passcode” submenu.)

All other phones and tablets

How do I know if my device is encrypted?
Android, Windows and BlackBerry phones and tablets are not encrypted by default, so if you are not sure, your device is probably not encrypted.

Having to enter a password to access the device does not guarantee it is encrypted.

Different versions of Android, Windows and Blackberry devices place their encryption settings behind different menus.

You can often see if your device is encrypted under menus such as “System”, “Security” and “Passcode”, and “Encryption”. You can often find device specific instructions by doing an internet search for your device and the word encryption.

If in doubt, contact your departmental IT support.

How do I encrypt?
In most cases, if you were able to find the menu that told you that your device is encrypted the option to encrypt is in the same location.

Check with your departmental IT support or device provider if you have questions about encrypting.

For BlackBerry 10: Go to Settings > Encryption. Set Device Encryption to ON & set the device password

Storage devices (e.g. memory sticks and hard drives)

How do I know if my device is encrypted?
When storage devices are encrypted, the encryption software used will normally ask for a password when you plug it into your USB port.

How do I encrypt?
If you are using UBC McAfee Encryption Service it will prompt you if you want to encrypt your storage device when you plug it in.

You can encrypt specific files and folders on USB sticks using freely available encryption tools such as 7zip.





Go even further...

For a much more in-depth look at encryption at UBC, you can:

Complete the full Fundamentals training to learn how to protect yourself and others
View the Information security standards on encryption requirements at UBC
Learn more about UBC IT Encryption Services
Browse the encryption FAQ on the UBC IT website