Stage 1: Check if your computer has already been encrypted

If your computer is already encrypted, don't encrypt again. To check if your computer has already been encrypted, follow the instructions on the UBC IT Knowledge Base.

Stage 2: Back up your computer

Mac OS X 10.3 and above

To back up your system in case of drive failure during encryption, follow these steps:

1. Ensure your Mac is plugged into a power source.
2. Connect the external hard drive to your Mac using the USB cable.
3. Time Machine should ask to use your drive, if not, follow step 4 (below) to open Time Machine manually.
4. Select ‘Open Time Machine preferences’ from the Time Machine menu in the menu bar at the top of your computer, or choose Apple menu > System Preferences, then click ‘Time Machine’.
5. Click ‘Select Backup Disk…’ and choose the ‘External Drive’. Ensure the ‘Encrypt Back Up Disk’ option is checked, then click ‘Use Disk’. Do not turn off your computer until the process completes. The backup may take several hours depending on the size of your data.
   
   
   
6. Once complete, choose ‘Backup Now’ from the Time Machine menu.
   

Stage 3: Enable FileVault to encrypt your computer

Mac OS X 10.3 and above

1. Ensure your Mac is plugged into a power source. Unless prompted, do not turn off your Mac during this process.
2. Click the Apple Menu, choose ‘System Preferences’, then click ‘Security and Privacy’.
3. Click the ‘FileVault’ tab
4. Click the lock icon and enter your credentials when prompted
5. Click ‘Turn on FileVault…’
   
6. If the Mac has multiple users, you need to enter each users’ password to enable them to unlock the disk at startup. Select ‘Enable User’ and enter the user credentials for each user account. User accounts created after enabling FileVault will have this by default. Once all users are enabled, click ‘continue’.
   
7. Choose where to save recovery key:
   1. Newer versions of Mac OS X/macOS: It is highly recommended that you allow iCloud store your recovery key using your Apple ID account (as pictured below). It is recommend that you also save a copy of your recovery key to your personal network storage drive (UBC Home Drive - Vancouver; F: Drive - Okanagan), so that IT Support Staff can assist you in the event of an incident.
   2. Older versions of Mac OS X: There is no option to save your recovery key to the iCloud with older versions. You will therefore need to create a recovery key and store it in a safe place off of the Mac, preferably in multiple safe places. It is recommend that you save your recovery key to your personal network storage drive (UBC Home Drive - Vancouver; F: Drive - Okanagan), so that University IT Support Staff can assist you in the event of an incident.
      

7. It is recommended that you create a second recovery key and store it in a safe place off of the Mac you have encrypted, preferably in multiple safe places. See the options available to users to store their encryption recovery keys in the Encryption FAQ.

How to encrypt an external USB drive using FileVault

1. Insert the USB drive
2. Control click (or right click if available) the USB drive icon that appears and choose 'Encrypt "Device Name"' from the menu (as below)
   
3. Enter and verify a password. Make sure that this password is something which you will remember. Once you have entered a password hint, then click Encrypt Disk (this may take some time)
   

Additional Resources