What is Encryption?
Encryption is a method of preventing unauthorized access to electronic data. It is used to protect data on devices such as computers, laptops, cellphones, or USB sticks. It can also be used to protect data during transmission. For example, after you enter your credit card details to purchase something online, your computer automatically encrypts that data so that others cannot steal this information when it is transmitted over the internet.
Encryption is imperative for sending sensitive information, securing your documents, keeping your email private and, ultimately, it allows for peace of mind if a computer is misplaced, lost or stolen.
What Happens When I Encrypt My Devices?
Encryption is the process of scrambling information, making it unreadable to protect it from unauthorized access. When data is encrypted you need a key, usually a password, to make it readable again.
Encrypting your computer and mobile devices is one of the most important controls in securing your personal information and UBC’s data.
Why Should I Encrypt My Devices?
At UBC, we are regulated by the Freedom of Information and Protection of Privacy Act (FIPPA), which requires us to protect personal information from unauthorized collection, use, or disclosure.
Security breaches can cause significant time, money, and stress costs and harm the university's reputation. But if your device is misplaced, lost or stolen, encrypted data will be unreadable without a password.
Devices are replaceable; personal or private information is not.
Concerned about travelling with an encrypted mobile device? Learn about travelling with electronics.
How to Encrypt Your Own Device
If you are using your own personal (non-UBC-supported) device to access UBC Electronic Information and Systems, then it is your responsibility to ensure that it is encrypted in compliance with the UBC Information Security Standard U5, Encryption Requirements. To check your computer to see if it has been encrypted, follow the instructions on the UBC IT Knowledge Base.
Linux
Both VeraCrypt and dm-crypt/LUKS are common encryption options, allowing a user to encrypt either a full disk during installation or a new volume.
To ensure compliance with UBC Information and Security Standards, refer to Encrypting workstations using operating systems other than Microsoft Windows and Apple macOS (e.g., Linux).
Full Disk Encryption
Most modern versions of Linux offer full disk encryption as an option during installation. This is usually a straightforward step that involves checking a box and setting a security key. The exact steps will vary depending on which version of Linux you use. See the example for Ubuntu in Figure 1 below.
You must remember your password which unwraps the security key. It is isolated on your device, and UBC IT will not have access. You will be required to enter this password at every boot, and you will no longer be able to remotely reboot your system.
It is recommended that you save a copy of your security key (not password) to your personal network storage drive (UBC Home Drive - Vancouver; F: Drive - Okanagan), so that University IT Support Staff can assist you in the event of an incident.
There is no easy way to encrypt a system that is already built. To set-up full disk encryption on devices that already have Linux installed, the only way is to backup all your data, reinstall Linux (with encryption enabled), reinstall all your applications and then restore your data.
Due to operability or performance constraints, this is not always viable. Please see the guidance from Information Security Standard U5, Encryption Requirements
Encrypting a partition or new volume
Native tools are available in common Linux desktops are available to encrypt a new volume or partition.
Online Guides
- Cryptsetup and LUKS - open-source disk encryption
- VeraCrypt (downloadable software packages and installation instructions)
- Securing Red Hat Enterprise Linux
- How to Encrypt a Drive on Ubuntu
