Encryption Options

The KU Privacy Office recommends the use of encryption for the transmission and/or storage of Confidential or Sensitive Information.

Tools for assessing privacy needs can be found at the KU Privacy Office website. Tools and resources to maintain the security of information and the technology we use to manage it can be found at the KU IT Security Office website.

For More Information or questions regarding types of Information and handling practices, please contact the KU privacy office.

Loss of private information by an enterprise can lead to loss or damage to reputation of the enterprise and potentially damage to individuals. There are numerous reasons to encrypt data in transit. The costs to the person with a stolen identity, as well as to the enterprise for loss of data, is rising (see article). Perhaps one of the best reasons is, “Why Not Encrypt?” There is minimal cost to encryption (University covers e-mail encryption) and whole disk encryption (WDE) is available for as little as $30/year/license. The benefits far outweigh the costs.

Before deploying or evaluating any Whole Disk Encryption (WDE) solutions or technologies, departments and units are encouraged to first contact the IT Security Office at itsec@ku.edu.

Email Encryption

Encryption can apply to either the transmission of information (such as information traveling via e-mail) or the storage of information (known as information “at rest”). In very basic terms, e-mail encryption is a way to send a message in code or scrambled so that it cannot be read by anyone but the intended recipient. The only person who can decode the message is the person with the correct “key.” To anyone else intercepting the message, it will look like a random series of letters, numbers, and characters. Encryption is especially important if you are trying to electronically send sensitive information that no one but the intended receiver should be able to access. Thus, e-mail encryption allows the user to secure the information in transit from point A to point B.

The University of Kansas has begun to make e-mail encryption available. Consult with your Department or Unit head regarding requesting Email or WDE and consult with your Technical Liaison for installation once approved.

• KU Digital Credentials for e-mail Encryption

Whole Disk Encryption

WDE is a method of scrambling or encrypting the information at rest in an electronic storage device (such as a desktop, laptop, etc.) by means of an algorithm that conceals the information stored on a system and dramatically increases the security and privacy of the information. WDE is a “best practice” for the security and confidentiality of sensitive data, both in transit (traveling) or at rest (stored in a unit), and recommended for all laptops holding private data such as personally identifiable information about students, faculty, staff, donors, alumnae, etc.

Before deploying or evaluating any WDE solutions or technologies, departments and units are encouraged to first contact the IT Security Office at itsec@ku.edu.

USB Flash Drive Encryption

Scrambling or encrypting confidential or sensitive data stored on a mobile device such as a flash drive is important to the security of the data while in transit or while at rest. One option for encrypting a flash drive is to purchase a flash drive that has software already built-in that you can utilize to encrypt the drive. Another option is to choose TrueCrypt, a free, open-source encryption application that works on Windows, MAC, and Linux systems (cross-platform). MAC offers File Vault as an alternative for securing data/files. For information on TrueCrypt visit their website.

• How to Encrypt a Flash Drive with TrueCrypt