Information Technology

Data Encryption

Under Massachusetts law, one should take special precautions when handling personally identifiable information on a computer, external hard drive, shared network drive, and/or flash drive. Encrypting the computer hard drive and/or external device is a secure way to protect the data in case of theft or loss of the item.

Windows-based PCs

All IT-managed Windows-based laptops will be protected using BitLocker Technology. BitLocker is a disk encryption technology from Microsoft that protects the disk (and your data) from being read if it is stolen. BitLocker is available in Ultimate and Enterprise versions of Vista and Windows 7 and the Professional and Enterprise versions of Windows 8.

How BitLocker works

When powering on a laptop protected by BitLocker, you will be prompted to enter your PIN. The PIN is set just once for the entire laptop, so any valid users of the laptop must have access to the PIN. Once the PIN has been entered, the machine will boot normally to the login screen. Once you have entered your credentials, this completes the two-part encryption and the data on the laptop is no longer protected by BitLocker (until log-off or shutdown). When transporting the laptop, you should either hibernate it or power it off, as this ensures the PIN must be entered again to regain access.

Creating your PIN

When an IT-managed laptop is issued, you must set your PIN in person with the IT representative. This PIN will be required whenever the laptop is powered on after shutdown, or when awakening after hibernation. The PIN must be at least 6 alphanumeric characters long.

Your PIN should never be stored with the laptop computer.

Will BitLocker affect the performance of my laptop?

The performance implication of encrypting your laptop system disk with BitLocker technology is minimal. Microsoft suggests that the overhead is around 3-5% on a modern laptop.

What if I forget my PIN or need to change it?

If you forget your PIN, the data on the laptop can be recovered by IT Desktop staff, who have authorized access to a recovery key that can be used to gain access to the PC and/or decrypt the disk. Contact the IT Service Desk in the event you have forgotten your PIN or need to change it. You will need to bring your laptop to an appointment with a member of IT Desktop Support to have your PIN changed.

Macintosh computers

University-owned Macintosh computers can be protected in a similar manner with Apple’s FileVault encryption. Newer machines will have the whole-disk encryption capability with FileVault 2, while machines running Mac OS X 10.6 (Snow Leopard) and older can use Home folder encryption with FileVault.

If you have any further questions, or would like to schedule a service appointment to have your computer encrypted, please contact the IT Service Desk at 617-287-5220 or email ITservicedesk@umb.edu.