The Catholic University of America

Tips for Encrypting Data in Common Programs

The safest place to work on sensitive data is on your CUA staff or faculty computer, while on campus. The safest way to work on sensitive administrative data is through the administrative system interface, not by downloading it into a file or another program. However, in the event that you must take sensitive data with you off campus or temporarily store it on a portable device such as a notebook computer, external disk drive, USB flash drive, DVD, or CD-ROM, there are some steps you can take to encrypt the data to protect it.

Contents

What is Encryption? Is it the same as password protection?

Encrypting data is a process wherein the actual text of your files is replaced by apparently random letters, numbers, and punctuation. With the correct password, however, this "random" data can be translated back to readable information.

Example:

John Doe's Student ID is 1234567

might encrypt to

a3489nvnaw23k4sfnak32oinsfaoe32mfawefa

Now, even if someone were to steal the data, they cannot make use of it without the password you used to encrypt it.

This process is not precisely the same as password protecting information, but in general putting a password on a file implies that its content will be encrypted, and encryption requires a key - typically a password. So, you are usually safe in equating the two processes.

Back to top ^

Best practices for encryption and password protection

There are some risks and pitfalls with encryption that you should be aware of:

  1. Don't encrypt your only copy of data. If you download a report that you need to transport by USB flash drive, save a copy of the data on the flash drive in encrypted format. Leave the primary report in the original system that created it. For example, if you need to transport a report from Cardinal Financials, save the report in encrypted format directly to the flash drive. You can retrieve the original report from Cardinal Financials.
  2. Don't forget your password. Most advanced encryption tools cannot be reverse engineered; if you forget your password, the file is useless. This is the basis for rule 1.
  3. Encrypt data on portable media regardless of how far it is going. The majority of data loss through theft occurs on the original premises, not while on the road. If you put a report on a laptop that is "never supposed to leave campus," make sure it is encrypted. Experienced thieves work college campuses where technology is plentiful and the environment less controlled than in a corporate office. 

Back to top ^

Encryption for Microsoft Office files

Documents created in Microsoft Office can be saved with encryption. To do so, follow these steps.

  1. Click the File tab on the ribbon menu.
  2. Click Info.
  3. Click the Protect Document pull-down button, and then select Encrypt with Password.
  4. In the Encrypt Document box, type a password, and then click OK.
  5. In the Confirm Password box, type the password again, and then click OK.

Don't forget the password that you used to encrypt the document, since it cannot be recovered. If you do forget it, the file is unusable.

Encrypted Flash Drives

Consider using a FIPS 140-2 Level 3 certified USB flash drive with hardware encryption. Some of these have a keypad right on the drive itself.

Example: Apricon Aegis Secure Key

The entire flash drive with all its contents are encrypted.

Again, don't forget the password that you used.  If you need to reset it because you forgot it, all the data stored on the flash drive will be lost.

 





 

Back to top ^