Encryption for Personal Computers

Encryption protects the contents of a computer's hard drive so that in the event of stolen hardware, the data on that hard drive has some level of protection from bad actors. Encryption is required if an SPU employee wishes to work with SPU-owned data on a personal computer. SPU-owned and supported computers should have encryption enabled by default. If you have questions regarding encryption on your SPU-owned device, contact the /wiki/spaces/CISHD/overview.

Personal devices are not supported by SPU or CIS. Individuals who turn on encryption on their personal computers are responsible for every aspect of encryption on that device. This includes turning encryption on or off, properly storing or maintaining any recovery materials, and conducting recovery or troubleshooting if issues arise.

Bitlocker Encryption on Windows

Available on Windows 10 Pro.

  1. Sign in to your Windows device with an administrator account (you may have to sign out and back in to switch accounts). For more info, see Create a local or administrator account in Windows 10.
  2. In the search box on the taskbar, type Manage BitLocker and then select it from the list of results.
    1. Or you can select the Start  button, and then under Windows System, select Control Panel. In Control Panel, select System and Security, and then under BitLocker Drive Encryption, select Manage BitLocker.
    2. Note: You'll only see this option if BitLocker is available for your device.
  3. Select Turn on BitLocker and then follow the instructions.

If your device does not have Bitlocker available, you may turn on Windows 10 Device Encryption. Learn more on Microsoft's website. 

FileVault Encryption on Mac OS

Available on Mac OS X Lion (10.7.5) and Later.

  1. Choose Apple menu () > System Preferences, then click Security & Privacy.
  2. Click the FileVault tab.
  3. Click Locked, then enter an administrator name and password.
  4. Click Turn On FileVault.
    1. If other users have accounts on your Mac, you might see a message that each user must type in their password before they will be able to unlock the disk. For each user, click the Enable User button and enter the user's password. User accounts that you add after turning on FileVault are automatically enabled.

  5. Choose how you want to be able to unlock your disk and reset your password, in case you ever forget your password:  

    1. If you're using OS X Yosemite or later, you can choose to use your iCloud account to unlock your disk and reset your password.

    2. If you're using OS X Mavericks, you can choose to store a FileVault recovery key with Apple by providing the questions and answers to three security questions. Choose answers that you're sure to remember.
    3. If you don't want to use iCloud FileVault recovery, you can create a local recovery key. Keep the letters and numbers of the key somewhere safe—other than on your encrypted startup disk. 

For more information on FileVault, including how to turn it off, go to Apple's website.