Skip to Content

Protecting Sensitive Data: Encrypting Your Data


Data Encryption Solutions


Encryption offers protection by scrambling data, so only the owner of the key or password can read the data.

Two types of encryption are available to members of the UVa community: the VPN and hard drive/file encryption.

The Virtual Private Network (VPN): A VPN scrambles data as it is transmitted between your mobile device and a server. This allows you to access sensitive data securely stored on a remote server. It's always more secure to leave sensitive data on a server, where it is managed by a system administrator, and use a VPN to access it.

Hard Drive and/or File Encryption: When you have no option other than to store sensitive data on your hard drive, and such storage has been approved, you must encrypt your hard drive or the relevant files on your hard drive. If you lose your computer or electronic media, the encryption will protect the data, and render it invisible to anyone but you, since you alone know the password. Please see the Guidance on the Electronic Storage of Highly Sensitive Data for additional information.

VPN Encryption

Both ITS and Health Systems Computing Services (HSCS) offer a VPN solution for members of the UVa community.

Before installing: You will have to download and install a personal digital certificate, and possibly, download and install a VPN client.

If you need help: Contact your Local Support Partner (LSP), the UVa Help Desk, or the HSCS Help Desk at 434-924-5334.

Hard Drive, File/Folder, USB Flash Drive and CD Encryption


Before you encrypt data: You are strongly advised to check with your LSP and/or system administrator, before you begin the encryption process.

If you need help: Contact the UVa Help Desk; or, if you are an HSCS user, the HSCS Help Desk at 434-924-5334. If you have any questions TrueCrypt's documentation or FAQ doesn't answer, please email your questions to ispro@virginia.edu.

Data Encryption on Hard Drives Using TrueCrypt


Members of the UVa community should use 1) TrueCrypt, a free, open-source, real-time disk encryption software for Windows, Mac OS X, and Linux; 2) a reputable commercial product that encrypts with a 256-bit or larger key; or 3) for Health Systems Computing Services (HSCS) users, encryption methods the HSCS Security Office recommends.

Just choose your operating system, then download and run TrueCrypt.

Recommended: Take the Beginner's Tutorial for optimum use of this product. A window will pop up and ask, presuming you are a first-time user, if you would like to view the Beginner's Tutorial, which starts with “How to Create and Use a TrueCrypt Container.”

Support documentation:

Please note that TrueCrypt documentation, including TrueCrypt's FAQ, is also contained in the file TrueCrypt User Guide PDF file, which is included in all official TrueCrypt distribution packages. When you install TrueCrypt, the documentation is also automatically copied to the folder to which TrueCrypt is installed, and is accessible via the TrueCrypt user interface (press F1 or select Help > User's Guide).

Caveats:

TrueCrypt uses the words “volume,” “container,” and “file” as synonyms.

Administrative access is required to install TrueCrypt. It is also required to use the Traveler Mode for machines that do not have TrueCrypt installed.

Notes on Installing TrueCrypt


During the TrueCrypt installation process, you may be confused by Select File button in the Volume Location window (left). Here, Select File means you should create a new file (volume/container) for this process. Click the button, then type the name of a new file in the Specify Path and File Name dialog box that pops up.



TrueCrypt recommends you type in a very strong password. Learn more about choosing strong passwords Check the strength of the password you plan to use with a password strength checker. Important: Make sure you remember the password you create! If you forget it, you will not be able to access the files.


Once you mount the volume/container, and you see it in the TrueCrypt window (left), you can encrypt your data. Double-click the mounted volume to open it, and drag/drop or copy/paste the material into the open volume. You can also select Save from the File menu to save to the mounted volume.

Volume/Container

The mounted volume also appears as a drive in the My Computer window, and has the drive letter you assign it, which in the graphic shown below, is Local Disk (Q:).

If you want a TrueCrypt volume stored on a CD or a DVD, first create a TrueCrypt container/volume on a hard drive, and then burn it to a CD/DVD, using any CD/DVD burning software, or on Windows XP/Vista, using the CD burning tool provided with the operating system.

TrueCrypt Data Encryption on USB Flash Drives and CDs


Encrypt USB Flash Drives and CDs in the same way. To run TrueCrypt from a USB Flash Drive, allow enough space in the Flash Drive for the encrypted volume as well as the TrueCrypt Installer, an .exe file. It's also possible to encrypt the entire USB Flash Drive, in the same way you encrypt a partition or drive.

Important: Make sure you remember the password you create! If you forget it, you will not be able to access the files.

Page Updated: 2014-02-18