Encryption attempts to make information unreadable by anyone who is not explicitly authorized to view that data. People or devices can be authorized to access encrypted data in many ways, but typically this access is granted via passwords or decryption keys. There are various strengths and methods of encryption and as technology evolves, older methods of encryption are no longer considered secure. Sensitive information should be encrypted using the best method available whenever possible.
Data can be encrypted in several ways:
An example of encrypted communication is a visit to a website that is encrypted with a TLS (Transport Layer Security) session. These website URLs will begin with https:// and most browsers will display a lock in the address bar to indicate the session is encrypted. Information transferred between you and the secured website is only visible to you and the destination to which you are connected.
Part of establishing a secure connection to a website incorporates the use of certificates that attempt to verify the identity of the site you are visiting. If a certificate does not match the expected values, you may notice a certificate error in your browser. You should not navigate to websites with certificate errors, but if you must proceed, do not transfer sensitive information to that website.
Virtual Private Network (VPN)
A VPN is an encrypted network tunnel normally established by launching a VPN client on a laptop or mobile device and connecting to a destination network, such as your employer’s network. After connecting to a VPN, the network traffic originating from your computer will be routed through your employer’s network, which is likely significantly more secure than a public Wi-Fi hotspot found at airports or restaurants. In general, public internet access should be considered unsafe and if they must be used, you should connect to a VPN to add an additional layer of security to your activities.
Data saved on storage media such as hard drives or phones can usually be encrypted to prevent unauthorized access if that data were to be lost or stolen. Encryption can be applied to the entire disk or to individual files and folders. Typically this protection is accomplished via whole-disk encryption software such as Microsoft’s Bitlocker(Windows) or Apple’s FileVault (MacOS) or Data Protection (iOS). For additional security, individual files or folders can be encrypted, although this may add a level of complexity. Just as encryption will keep nefarious individuals from accessing the information without the proper keys, you can also lose access to your data if you forget the password or if the data becomes corrupt. Data corruption could occur as a result of hardware failure or abrupt power failures, so it is important to keep backups of your important data. Backups can be encrypted too.
It is important to note encryption offers no protection from data loss or theft when it is in its decrypted or unlocked state. For example, whole disk encryption would only protect against loss or theft when the device is powered off. Once the device is powered on and booted into the operating system, malicious software could read the content or modify the data.
To request encryption for your Ohio State-owned device, contact your IT department. Enterprise Security offers resources to assist departments in managing encryption effectively. Ohio Statte IT departments can request more information by visiting the Client Encryption service page.
Please note that the information on this page represents broad principles. Different devices, manufacturers and versions create exceptions, so some of the content may not applicable to your specific situation. Additionally, since technology and security threats evolve rapidly, this content could become outdated very quickly. For the most up-to-date and accurate information for your specific scenario, device and software version, please contact your IT department for university devices or consult a competent professional to ensure your personal devices are sufficiently protected.