Encrypt My Devices

Encrypt My Devices

How and why encryption is essential at UBC

SECURE IT: Encrypt your Devices Today

What is encryption?

Encryption is a method of preventing unauthorized access to electronic data. It is used to protect data on devices such as computers, laptops, cellphones, or USB sticks. It can also be used to protect data during transmission. For example, after you enter your credit card details to purchase something online, your computer automatically encrypts that data so that others cannot steal this information when it is transmitted over the internet.

Encryption is imperative for sending sensitive information, securing your documents, keeping your email private and, ultimately, it allows for peace of mind if a computer is misplaced, lost or stolen.

33.5 million records were breached in the Education industry in 2017.

Malicious outsiders are responsible for most security breaches.*

Only 4% of data breaches involved encrypted computers in 2017.

Encryption renders stolen data useless.*

*Both statistics from http://breachlevelindex.com

1What happens when I encrypt my devices?

Encryption is the process of scrambling information, making it unreadable in order to protect it from unauthorized access. When information is encrypted, you need a password to make it readable again.

Encrypting your desktop computer and mobile devices (including laptops) is the most effective way to keep your personal information and UBC’s data secure.

2Why should I encrypt my devices?

At UBC, we are regulated by the Freedom of Information and Protection of Privacy Act (FIPPA), which requires us to protect personal information from unauthorized collection, use, or disclosure. In support of the law, UBC policy requires that all mobile devices storing personal information must be encrypted.

Security breaches can cause a lot of wasted time, money, and stress, and can harm the university's reputation and the need for compliance requirements. But, in the event that your device is misplaced, lost or stolen, encrypted data will be unreadable without a password.

Devices are replaceable; personal or private information is not.

Concerned about travelling with an encrypted mobile device? Learn about travelling with electronics.


3How do I request encryption?

If you are using a UBC-supplied device, encryption is provided for UBC faculty and staff at no cost, in order to help with the protection of University confidential or sensitive information.

You can request encryption by contacting your faculty or department’s local IT support.

An overview of the encryption process for common devices and operating systems is outlined below:



Encryption Overview - what you need to know for Mac computers

Reminder: even an encrypted device is vulnerable if it does not have proper password protection. Your password should be unique, comply with the UBC password policy and if used as an encryption password comply with the key escrow requirements.

  • To check your computer to see if it has been encrypted, follow the instructions here.
  • The software takes less than 10 minutes to install per computer.
  • This software has little to no noticeable performance impact on your computer once the full encryption process is complete. Typically this takes 1-3 days.
  • You can also use your computer as usual immediately after the installation.
  • Restarting, sleeping, hibernating, and shutting down the computer will have no impact on the encryption process.
  • Once the software is installed, everything happens in the background, invisible to you. You will be prompted to restart a few times. Please follow the instructions on the screen. Do not be alarmed by restarts.
  • Encryption typically takes 1-3 days to apply. Occasionally it can take up to 2 weeks. You do not need to check on the progress. Please be patient.
  • You will notice a red McAfee logo on the top menu bar.

OS X 10.8.2 and above

  • We use a solution called McAfee Management of Native Encryption (MNE)
  • McAfee MNE partners with the Apple native encryption which is called Filevault v2.0
  • The log in process remains the same, you log in to your computer using your usual login username and password.

OS X 10.7 and below

  • The encryption service does not support your Operating System.
  • Contact your local IT Support to check if upgrading your Operating System is possible.

OS X systems with RAID

Encryption Overview – what you need to know for Windows computers

Reminder: even an encrypted device is vulnerable if it does not have proper password protection. Your password should be unique, comply with the UBC password policy, and if used as an encryption password comply with the key escrow requirements.

  • To check your computer to see if it has been encrypted, follow the instructions here.
  • The software takes less than 10 minutes to install per computer.
  • This software has little to no noticeable performance impact on your computer once the full encryption process is complete. Typically this takes 1-3 days.
  • You can also use your computer as usual immediately after the installation.
  • Restarting, sleeping, hibernating, and shutting down the computer will have no impact on the encryption process.
  • You will be prompted to restart a few times. Please follow the instructions on the screen. Do not be alarmed by restarts.
  • Encryption typically takes 1-3 days to apply. Occasionally it can take up to 2 weeks. You do not need to check on the progress. Please be patient.
  • You will notice a red McAfee logo on the system tray

Windows 7 Home or Professional

You should contact your local IT Support to check if upgrading your Operating System is possible. If not, we will follow these recommendations:

  • We will need to install McAfee Whole Disk Encryption as the native Windows encryption (BitLocker) is not compatible.
  • You will notice a grey McAfee screen upon boot up. This is the encryption screen. It uses your CWL username for authentication. If this is your first time seeing the screen, you will be prompted to create a password, as well as three recovery questions and answers. You may enter a different password from the one you use for your CWL.
  • If you forget your password, contact your local IT Support to reset it.

Windows 7 Ultimate or Enterprise

  • We use a solution called McAfee Management of Native Encryption (MNE) which partners with Microsoft’s BitLocker native encryption solution.
  • Once the software is installed, everything happens in the background, invisible to you.

Windows 8 (core)

You should contact your local IT Support to check if upgrading your Operating System is possible. If not, we will follow these recommendations:

  • We will need to install McAfee Whole Disk Encryption as the native Windows encryption (BitLocker) is not compatible.
  • You will notice a grey McAfee screen upon boot up. This is the encryption screen. It uses your CWL username for authentication. If this is your first time seeing the screen, you will be prompted to create a password, as well as three recovery questions and answers. You may enter a different password from the one you use for your CWL.
  • If you forget your password, contact your local IT Support to reset it.

Windows 8 (RT)

  • This operating system version is primarily for Tablet systems.
  • Microsoft’s Bitlocker native encryption solution is not supported on this operating system.
  • McAfee Whole Disk Encryption is not supported on tablets.
  • It is vitally important that you follow UBC’s safe data storage and data classification policies [PDF]

Windows 8 Professional or Enterprise

  • We use a solution called McAfee Management of Native Encryption (MNE) which partners with Microsoft’s BitLocker native encryption solution.
  • Once the software is installed, everything happens in the background, invisible to you.

Window 10 Home

You should contact your local IT Support to check if upgrading your Operating System is possible. If not, we will follow these recommendations:

  • We will help you setup the Window 10 (Home Edition) Device Encryption
  • If the Home Edition is not compatible, we will need to install McAfee Whole Disk Encryption
  • You will notice a grey McAfee screen upon boot up. This is the encryption screen. It uses your CWL username for authentication. If this is your first time seeing the screen, you will be prompted to create a password, as well as three recovery questions and answers. You may enter a different password from the one you use for your CWL.
  • If you forget your password, contact your local IT Support to reset it.

Windows 10 Professional, Enterprise or Education

  • We use a solution called McAfee Management of Native Encryption (MNE) which partners with Microsoft’s BitLocker native encryption solution.
  • Once the software is installed, everything happens in the background, invisible to you.

Windows systems with RAID

Encryption Overview – what you need to know for Linux computers

Reminder: even an encrypted device is vulnerable if it does not have proper password protection. Your password should be unique, comply with the UBC password policy, and if used as an encryption password comply with the key escrow requirements.

We will soon be recommending encryption standards for Linux devices. In the meantime:

Encryption Overview – what you need to know for mobile devices

Reminder: even an encrypted device is vulnerable if it does not have proper password protection. Your password should be unique, comply with the UBC password policy, and if used as an encryption password comply with the key escrow requirements.

iPhone and iPads

How do I know if my device is encrypted?
iPhones and iPads are not encrypted by default. However, if you password protect the device or use a thumb/finger print to access the device, it is encrypted.

How do I encrypt?
Turn on a passcode (which can be found under setting, usually in the “Touch ID & Passcode” submenu.)

All other phones and tablets

How do I know if my device is encrypted?
Android, Windows and BlackBerry phones and tablets are not encrypted by default, so if you are not sure, your device is probably not encrypted.

Having to enter a password to access the device does not guarantee it is encrypted.

Different versions of Android, Windows and Blackberry devices place their encryption settings behind different menus.

You can often see if your device is encrypted under menus such as “System”, “Security” and “Passcode”, and “Encryption”. You can often find device specific instructions by doing an internet search for your device and the word encryption.

If in doubt, contact your departmental IT support.

How do I encrypt?
In most cases, if you were able to find the menu that told you that your device is encrypted the option to encrypt is in the same location.

Check with your departmental IT support or device provider if you have questions about encrypting.

For BlackBerry 10: Go to Settings > Encryption. Set Device Encryption to ON & set the device password

Storage devices (e.g. memory sticks and hard drives)

How do I know if my device is encrypted?
When storage devices are encrypted, the encryption software used will normally ask for a password when you plug it into your USB port.

How do I encrypt?
If you are using UBC McAfee Encryption Service it will prompt you if you want to encrypt your storage device when you plug it in.

You can encrypt specific files and folders on USB sticks using freely available encryption tools such as 7zip.

4What are the options for encrypting my own device?

If you are using your own personal (non-UBC supported) device to access UBC electronic information, then it is your responsibility to ensure that it is encrypted.



If you have a Microsoft based system and you are running one of the following operating systems, then you can use Microsoft's BitLocker encryption tool:

  • Windows 7: Enterprise and Ultimate Editions
  • Windows 8/8.1: Pro and Enterprise Editions
  • Windows 10: Pro, Education, and Enterprise Editions

How do I know which Windows Operating System I have?

To find out which version of Windows your PC is running, press Windows logo key + R on your keyboard, type winver then press Enter.

How can I get and use BitLocker?

If your Windows PC has one of the supported versions of Windows installed, BitLocker is already available, though it is disabled by default. To enable it, go to the Control Panel > BitLocker Drive Encryption, and click the link to Turn On BitLocker.

Follow the prompts at the wizard to create a recovery password to unlock the drive and if TPM 1.2 or later is not present on the motherboard, you'll need to set a startup password, which will be required every time you boot the system. Next, decide how you wish to backup your recovery key* and lastly, choose how you wish to have the drive encrypted. This will run a check on the system and begin the encryption process on your device. This process runs in the background and you can continue to use your device whilst it is encrypting, although you may notice that the performance is temporarily affected.

* No one will be able to recover this key for you if you forget it! We recommend that you use a Password Manager.

Additional resources

What if I don't have one of these versions of Windows?

We recommend that you upgrade to a version of Windows that will support BitLocker. If this isn't an option then please look into alternatives such as VeraCrypt.

If you have an Apple machine running macOS then you can use Apple's FileVault encryption.

How can I get and use FileVault?

FileVault is available in OS X Lion or later. When FileVault is turned on, your Mac always requires that you log in with your account password. To enable it, go to the Apple menu > System Preferences > Security & Privacy. Click the FileVault tab, click on the padlock and then enter and administrator name and password. Finally, click the Turn on FileVault button.

If other users have accounts on your Mac, you might see a message that each user must type in their password before they will be able to unlock the disk. For each user, click the Enable User button and enter the user's password. User accounts that you add after turning on FileVault are automatically enabled.

Choose how you want to be able to unlock your disk and reset your password, just in case you ever forget your password:

  • If you're using OS X Yosemite or later, you can choose to use your iCloud account to unlock your disk and reset your password.*
  • If you're using OS X Mavericks, you can choose to store a FileVault recovery key with Apple by providing the questions and answers to three security questions. Choose answers that you're sure to remember.*
  • If you don't want to use iCloud FileVault recovery, you can create a local recovery key. Keep the letters and numbers of the key somewhere safe-other than on your encrypted startup disk.

* If you lose both your account password and your FileVault recovery key, you won't be able to log in to your Mac or access the data on your startup disk. If you store your recovery key with Apple or your iCloud account, there's no guarantee that Apple will be able to give you the key if you lose or forget it.

Additional resources

If you have a personal device running Linux then it still needs to be encrypted. Luks is a common utility for Linux encryption.