Encryption – protecting our data

We have agreed with our auditors that all college laptops will be ‘encrypted’. This means that if anyone found (or stole?) a college laptop they wouldn’t be able to read the data on there. Our information security policy says that personal data, for staff or students, shouldn’t leave the college. If you need to access EBS, Trent or ProMonitor from outside the college you can do so using the ‘RDS’ portal. That way the data never actually leaves the site.

However, we do recognise that there may be circumstances where this can’t be avoided, and this is the reason for the encryption. Well, that and trying to avoid the newspaper headlines when someone does lose a laptop.

For the purposes of this article there are two sorts of laptop. The ‘Enterprise’ ones (most of the Dells) have a thing called a TPM chip in them. This is used to uniquely identify that laptop so that if the hard disk is removed it can’t be read by another computer. With this in place security depends entirely on your password. Never… Ever… leave anything with a laptop that has the password written on it.

The other sort of laptops that we have are ‘Consumer’ laptops. These don’t have the TPM chip in them. Instead they need a USB drive that you insert when you turn the laptop on. Without the drive being present the machine won’t load. When we encrypt one of these laptops we will give you a USB drive that you need to keep safe. We have some small ones that will fit on your car key ring for example. If you do lose it, we can recover the data on the computer. The thing to remember with these ones is, in addition to not keeping your password with the laptop; Never… Ever… leave the USB drive with the laptop.

All new laptops that we issue will be encrypted and we will have to recall all others over the next few months.