Security :: Encryption

Printer-friendly versionSend to friendPDF version

Encryption is the transformation of data into a form unreadable by anyone without a secret decryption key. Its purpose is to ensure confidentiality and privacy by keeping the information hidden from anyone for whom it is not intended. For example, one may wish to encrypt files on a hard drive to prevent an intruder from reading them. When an entire hard drive is encrypted, all the data on the drive is protected from unauthorized access if the computer is lost or stolen. Encryption can also be used to protect sensitive files that are sent through email or sensitive communications sent over the network. For more information, please refer to the pages linked below:

Strong encryption is the term we use to describe the minimum strength of encryption appropriate for use with Level 1 protected data. Strong encryption is 256-bit encryption and complies with ICSUAM Policy Information Security Asset Management Section 8065Information Security Asset Management, Standard 8065.S0.

No single encryption tool works for every situation. We've outlined below the major types of encryption, with some examples of tools that can be used with each type, but there is one important thing to remember about any encryption process: it is either extremely difficult or completely impossible to decrypt encrypted data if the password is lost.

If you have any questions or concerns about encryption, please talk with your ITC or the Information Security Office before proceeding.

File Encryption

File encryption is designed to protect stored files or folders. HSU recommends the following file encryption programs; additional information is available by clicking on each product name. Caution: With the exception of PGP Desktop/Netshare, data in encrypted files are not retrievable if the encryption key is lost.

Following are examples of file encryption software:

  • 7-Zip is an open-source, free utility that provides AES 256-bit encryption for files and folders under Windows 7/Vista/2008/2003/2000
  • Disk Utility encryption software is built into Macintosh OS X
  • Symantec PGP Desktop/Netshare is licensed by HSU for encrypting files and shared folders and for shredding digital documents.

The following productivity tools let you password-protect and/or encrypt individual files:  

Disk Encryption

Disk encryption safely protects all the data stored on a hard drive. When the entire hard disk is encrypted, everything on that disk is protected if the computer is lost or stolen. HSU recommends the following drive encryption programs for non-portable storage devices. Click the appropriate link for more information on how to use each program:

Encryption for Portable Storage

HSU recommends the following encryption methods for protecting files and folders stored on portable storage devices such as, USB sticks, external hard drives and other mobile devices. Click the appropriate link below for more information on how to use each program:

Email Encryption

Emails may be encrypted and/or authenticated to prevent the contents from being read by unintended recipients. Please ask your ITC or the Information Security Office if you believe you need to encrypt email messages.

Network Encryption

It is possible to encrypt entire networks, which may be desirable in certain situations. If you think this may be relevant to you, please contact your ITC or the Information Security Office.

Note on Server SSL Certificates

SSL certificates are small data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, the certificate activates the padlock icon and the https:// protocol you see on banking, e-commerce and other secure sites and allows secure connections from the web server to your browser. Typically, SSL is used to secure credit card transactions, data transfer and logins, and is becoming widely used on social media sites.