Encryption

Encryption

Information Technology has been busy updating our security defenses. To achieve our goal to ensure sensitive and critical data are secure and available, we have adopted a new Encryption Policy. In the event that a computer is lost or stolen, information on that computer will be protected from unauthorized access. Encryption is essential as numerous security threats have impacted the safety of Medical School data as well as the safety of data throughout the industry and the world. The Encryption Policy applies to all areas of the Medical School including students, faculty, researchers, administrators, Commonwealth Medicine, and MassBiologics. 

Encryption Compliance

University provided McAfee Endpoint Protection Encryption for Windows and FileVault for Macs are compliant with the Encryption Policy. All computers that use, store or access UMMS data must be encrypted to prevent unauthorized disclosure. UMMS IT will begin pushing encryption to those unencrypted computers beginning January 11th through January 13th. Mobile devices will receive encryption on January 20th.

Encryption Schedule

Given the number of computers that require encryption, computers will be impacted during rolling deployments applied throughout the timeframe below:
January 11th from noon – 4PM
January 12th from 7AM – 4PM
January 13th from 7AM – 4PM

If you have a valid business reason for requiring a different date, please complete our reschedule form.  All forms must be submitted no later than January 9th to ensure your encryption date is changed. 

Encryption Preparation Steps

  • Move files to H Drive or Departmental Drives from your local desktop – this will ensure you have a backup of all your documents.
  • Ensure your computer has access to the University’s network. For IT to push encryption, the computer must be connected to the network. The computer must be on the network for all 3 days. 
  • Ensure your computer is turned On (If you’re computer turns off, it’s no big deal. Once the computer’s turned back on, the process will resume). 
    • It’s best to keep the computer either plugged into a charger to keep the battery full, or to keep the charger for the computer handy so if you’re low on battery you can plug the device in for the 3 days.
  • For Macintosh computers, please enroll in  Self Service Tool for Macs
  • If your computer will be out of the office during this time period (you take it to a conference), you will receive encryption upon returning and connecting to the UMMS network. Similarly, if your computer is off, the next time it’s turned on and connected to the UMMS network, the encryption process will kick off.

 

Below is a video depicting what to expect when your computer is being encrypted:

Click to Play

Encryption for UMMS Windows Users

Check if your Windows computer is already encrypted

To determine if your computer is already encrypted:

  • You can check the system status by clicking on the McAfee icon in the system tray -> "Quick Settings" -> "Show Drive Encryption Status"

              Step2

  • If you have an older computer, you may have checkpoint encryption. In your system tray, a picture of a yellow lock will be present. If you "hover" your mouse over the yellow lock, a pop up will appear on the status of encryption.

What to expect on the day of encryption

  • Move all your files to your H drive. This will ensure that you have a backup of all of your documents. 
  • Close all running applications and close all documents by 6:45pm the day you are scheduled for encryption. 
  • Please leave your computer powered on and running. (Just log out of your computer).

Encryption for UMMS Mac Users

Check if your Mac is already encrypted

From the command line (either remotely, or locally) enter the following command string: sudo fdesetup status. 

                                      ~or~

Another way to determine if your Mac has FileVault enabled [on].

Click the Apple icon in the upper left area of your screen, and choose System Preferences.

 Step1

In System Preferences, click on Security & Privacy, then the FileVault tab.

 

Look for the text “FileVault is turned on for the disk “Macintosh HD” to confirm the status.

How can I encrypt my Mac?

To encrypt with FileVault, your Mac must be installed with Casper.  IT will be "pushing" Casper to all Mac users, but you can also enroll your Mac with Casper Self-Service

Once completed, open the Self Service application.The FileVault 2 Option will show on featured page. Click install.

Follow the steps on the Casper Self Service site, than follow these directions on how to enable encryption:

 FileVault

  1. A message will appear about the machine rebooting. Click install again.

FileVault2

       2. The computer will reboot and you will need to log in. Once you enter your username and password this message will appear. Click Enable Now.

Enable

       3. The system will prompt with "Enabling FileVault on your volume". Click OK.

Setup

       4. When you turn on FileVault on your Mac, if the system will asks you to store your key on tss, please select yes.

How do I encrypt my mobile device?

For those mobile devices (i.e. iPhone, Android) that sync UMMS email, your mobile device will be encrypted on January 20th.  

See Mobile Device Encryption for additional information. 

How do I obtain an encrypted thumb drive / USB drive?

Encrypted thumb drives, portable drives, etc can be purchased conveniently through staples, Amazon, etc. Please reach out to Information Security at ITSecurity@umassmed.edu if you have questions about encrypted drives.
Option: GovConnection, in the ByWays, has: Imation USB 3.0 Secure + HW Encrypted 8GB: $19

Why do I need to encrypt my computer?

To ensure sensitive and critical data is secure and will be protected from unauthorized access, in the event of a computer being lost or stolen.  Any computer that uses, stores or accesses UMMS data must be encrypted as per our encryption policy.

Does encryption slow down my computer?

The current version of McAfee Encryption that we are deploying into our environment, should not impact workstation speed or performance.

I only check my UMMS email by logging into webmail. Do I still need to encrypt my mobile device?

A: To be compliant with UMMS policy, all devices that access UMMS data should be encrypted. That being said, IT does not have the capacity to encrypt your device if you check UMMS email via webmail. 

What will happen if I’m sitting in front of my computer when it starts encrypting?

Encryption occurs in the background, so you can use your computer while it’s encrypting. Prior to the encyption process beginning, your computer will need to be restarted. Click here to watch the video example.

What will happen if my computer is already encrypted?

If your computer’s already encrypted, nothing will happen! 

What if I have a Mac?

Your computer cannot be encrypted without first installing “Self Service”. If you have not already done so, please enroll in Self-Service Tool for Macs prior to January 11th.

What about personally owned computers?

Personally owned computers are not part of this initiative.

▴ Back To Top