Computer Encryption FAQs
What is computer encryption?
Computer encryption (or whole disk encryption) is a technology that protects information on computers from unauthorized access. Encryption converts data into unreadable code that cannot be easily deciphered. This protection is more extensive than typical security features, such as securing your system with a password or encrypting individual files.
Does Texas State computer encryption support self-encrypting drives?
For Windows computers, BitLocker Drive Encryption is compatible with self-encrypting drives (OPAL).
How secure is computer encryption?
BitLocker Drive Encryption uses AES 256-bit encryption. FileVault 2 uses full disk XTS-AES 128-bit encryption. Both satisfy all industry, state, and university computer encryption standards.
Why is computer encryption necessary?
Computers pose a high security risk of data loss. Texas State must take all necessary precautions to protect sensitive and confidential information.
If an unencrypted computer is lost or stolen, others may be able to recover some or even all of the information with little effort. Encryption is a method to protect the data on your computer from theft, misuse, and loss.
Should desktop and laptop computers both be encrypted?
Yes. Texas State is moving toward encrypting university-owned laptop and desktop computers.
What steps do I take to complete the computer encryption process?
ITAC or your department Technical Support Person can assist with computer encryption.
Will my computer be encrypted if I leave campus?
Yes. After the initial encryption setup, your computer will remain encrypted while on or off campus.
Will computer encryption affect my computer's performance?
Encryption will cause a nominal reduction in performance that should not be noticed by the average user.
Can I take my computer home to complete the computer encryption process myself?
No. ITAC or your department's Technical Support Person (TSP), must install encryption for you.
What types of devices require computer encryption?
Both desktop and laptop computers should be encrypted. Regardless of operating system, all university-owned computers should be protected via encryption or by using an alternate method that has been approved using the Texas State Device Encryption Exception process.
Can faculty and staff opt out of computer encryption?
Texas State-owned computers must be protected by BitLocker or FileVault. The only exception to this policy is by gaining approval thorugh the Texas State Device Encryption Exception Request process.
When my computer is encrypted, do my files ever become unencrypted?
When you log into your computer, your data immediately becomes unencrypted so that you can access it. When you log out out of the computer or turn if off, it becomes encrypted again.
If I travel internationally, will computer encryption cause any problems?
You have specific responsibility under export control regulations when you travel outside of the United States. If you are traveling outside of the United States with your computer, all data on your device (including proprietary information, confidential records, and encryption software) is subject to export control regulations.
If you are planning to take your Texas State-owned computer outside of the USA, please contact the Office of Research Compliance for specific instructions. Additional information can be found on IT Security's information page on International Travel with Encryption.
If my computer is encrypted, is my data totally safe?
When you are logged out, the data is encrypted and cannot be accessed without the login password. This is true even if the hard drive is moved to another computer or if normal system boot procedures are by passed.
When you are logged into the computer, it is not encrypted at that time. Your data is still vulnerable to network attacks, password guessing, viruses, malware, and other types of compromises.
I encrypted my Texas State-owned computer myself. How do I become Texas State computer encryption compliant?
Your computer will need to be unencrypted and re-encrypted using Texas State approved encryption methods. Contact ITAC for instructions on how to proceed.
Once my computer is encrypted, can I store confidential information on it?
It is not advisable to store confidential information on your computer hard drive. There are business needs which require you to download or temporarily save confidential information on a computer; however, once your business task is complete, you should remove the confidential information from that computer. Ensure that you always remain compliant with UPPS 04.01.01.
Am I eligible to encrypt my personal computer through Texas State computer encryption?
Texas State's encryption program is intended for university-owned computers.
Multiple software applications exist to encrypt your personal Windows computer. Mac computers OS 10.7 (Lion) or later automatically have FileVault 2 installed but not activated.
NOTE: Never store Texas State confidential information on personally-owned computers.
If I use software to back up my computer, will the backups be encrypted?
No. Backup software must have its own encryption solution. Any data accessed by software, including backup software, will be transparently unencrypted before use. If the backups contain confidential information, be sure the backup media or files are encrypted.
Do computer encryption policies apply to tablet computers (iPad or Android devices)?
No. Be advised that you should never store confidential university data on these types of devices.
If I copy files from my encrypted computer to an unencrypted external device, will the information still be encrypted?
Any data that is copied to an unencrypted external device or location that is not encrypted will not be protected. Texas State policy does not allow the storage of confidential information in an unencrypted location.
Examples of unacceptable storage locations for university confidential information:
- Unencrypted thumb drive or flash drive
- Cloud storage (examples: DropBox, iCloud, or OneDrive)
- Unencrypted Smart Device (tablets, iPads or Android devices)
Examples of acceptable storage locations for university confidential information:
- Encrypted thumb drive or flash drive (e.g., IronKey)
- Encrypted external hard drive (e.g., Apricorn Aegis Padlock)
How is computer encryption different from the Virtual Private Network (VPN)?
Computer encryption protects the data stored on your hard drive. The VPN protects data traveling from one Internet connection to another.
My computer is not a Windows or Mac. Should it still have computer encryption?
Computers with operating systems other than Windows or Mac (e.g., Linux OS) must have a completed and approved Texas State Device Encryption Exception Request on file.
Why does my encrypted Windows computer screen keep locking?
Windows 7 computers that use McAfee Endpoint Encryption are configured to lock Windows computer screens after 15 minutes of inactivity (e.g., no keyboard or mouse clicks).
Windows 10 computers are encrypted with BitLocker Drive Encryption and can be configured to lock the computer based upon the individual user's preference.
NOTE: Computers are only protected when locked. If a computer is unlocked and inactive, the data is unprotected, vulnerable, and in an unencrypted state.
Will computer encryption cause problems with any of the software application I use?
Encryption should not cause problems with software, and you should not see signs that the computer is encrypted.
Because of the level of security that encryption provides to computer data, using data migration tools like Apple’s Migration Assistant to transfer files between two computers may not function properly. Please use alternative methods of migrating data and settings from one computer to another.
What should I do if my encrypted computer is stolen or lost?
If your computer is lost or stolen, immediately contact your department head. The department head must report suspected or actual losses or theft of property first to the University Police Department (UPD), then to the Director of Materials Management.
IT Security is responsible for investigating any loss or exposure of university confidential information, and they will notify additional state agencies if necessary. See UPPS 05.01.01 for more information.
If a theft occurs while you are away from campus, contact the local authorities to report the incident.
Can faculty and staff select their own method of computer encryption for Texas State-owned computers?
No. Texas State-owned computers should adhere to the official university computer encryption solutions:
- File Vault 2 for Mac
- BitLocker for Windows
Texas State must be able to demonstrate that all data residing on a lost or stolen computer was encrypted when the computer disappeared. Otherwise, confidential data on the computer may be considered exposed and all regulatory notification requirements must be met.