Data Encryption Options for Staff and Faculty Members

Encrypting data is an additional method to keep sensitive information, such as FERPA-related information, research participant personal information, or job candidate information, hidden from those who do not need or should not have access to it. There are multiple ways of encrypting data, but two options that have been tested on campus are: VeraCrypt, a software-based encryption utility or hardware-based encrypted external USB flash drives.

Software-based encryption utility (VeraCrypt)

VeraCrypt allows a user to create an encrypted volume in a file (similar to a .zip file) or encrypt an entire hard drive to keep data secure. There are versions for Windows XP and newer, Mac OS 10.6 and newer, and Linux with kernel 2.6 and newer.

Examples of use: 

  • Create an encrypted volume, on a file share, to store sensitive information that only a few people need to access
  • Encrypt an external hard drive or USB drive for when sensitive data needs to be moved from location to location

Hardware-based encrypted external USB flash drives

Encrypted USB flash drives provide hardware-based encryption, without the need of running a separate program to get access to the data. Apricorn's Aegis Secure Key 3.0 line of encrypted flash drives offers a built-in numeric keypad to allow for users to unlock the drive before plugging it into a computer; after unlocking, it operates like a normal USB 3.0 flash drive. These encrypted USB flash drives can be used on most operating systems since the encryption happens in the drive.

Examples of use:

  • Transferring sensitive data to a colleague, without using the Internet (utilizing a shipping or courier company)
  • Storing sensitive data, when off-campus, then copying it to another secure location after returning to home base

When using drives like Apricorn's Aegis Secure Key 3.0 line, they need to be plugged in for 20 minutes at least once a week, to keep the internal battery charged for the small computer built into the drive. If the drive is used on a regular basis, it will be kept charged with typical use.

Remember your password

When using software-based or hardware-based encryption, it is imperative to remember the password/passcode for the encrypted file or encrypted hard drive. If the password is forgotten, access to the encrypted data will be lost and due to the encryption algorithm(s) used, it is not possible to “hack” into it to get the data.

Other encryption methods

There are other encryption methods not discussed here. If looking for a different software package or different hardware-based encrypted external storage, make sure the product or open source project uses AES256 as the encryption algorithm.