Encryption Best Practices
Encrypting is frequently compared to ‘locking’ a drive. A ‘key’ or ‘pin’ is generated and no one can access the drive unless they have an authorized account on the machine or the key or pin. This means data on a drive cannot be obtained by using software tools to clear or reset a user’s password, or by removing the drive from the computer and reading it directly.
Individuals using encrypted laptops see no difference in performance, and do not need to enter additional information when logging in. They will have a copy of the encryption recovery key/pin to use in case of emergency, and their IT Professional will also store a copy. Note that:
- BitLocker will be used for Windows 7 laptops.
- FileVault2 will be used on Macintosh laptops.
- A regular backup strategy is expected to be in place for computers with encrypted drives.
- Your IT Professional may encrypt the hard drive with the customer present to help everyone better understand the process and importance of keeping the authentication keys secure.
- ASCS will securely store the recovery key in an encrypted file.