Encryption Newsletter

Better Protection with Encryption

Secure encryption is a frequently discussed and recommended strategy for protecting the information that we send, receive, and store on our devices.

Encryption is one of the best defenses against those who seek to gain unauthorized access to your digital information. Federal, state, and industry regulations governing the work we do at WashU require that we use encryption when transmitting or storing sensitive information.

Why is encryption important?

Here at WashU, we are required to comply with federal, state, and industry regulations governing the handling of protected information. The penalties for non-compliance are significant, and so is the potential damage that results when sensitive information is leaked to criminal opportunists. It is our shared duty to protect our patients, students, colleagues, and community by securing our data. Encryption is one of the best lines of defense, and the Office of Information Security has developed a resource page about encryption that you will find at the following link:

Encryption | Office of Information Security | Washington University in St. Louis

In our personal lives, encryption can help us to retain ownership of the information that we store and share. Some platforms offer end-to-end encryption, which ensures that information is only accessible to the parties included in the conversation. Correspondence and documents that are sent and received by users of end-to-end encrypted platforms can’t be read if intercepted. In fact, even the companies hosting the platform (e.g., 1Password or Proton Mail) do not have the ability to read the information in transit when it is encrypted using this method.

How does encryption work?

Encryption works by taking a plaintext message and translating it into another form that cannot be read without a decryption key. Only those who possess this key will be able to decrypt and access the information contained in the file or message. Typically, very minimal user configuration is necessary because these keys are automatically generated and delivered in the background.

What types of encryption exist?

There are many different types of encryption, but they are often divided into two main groups: asymmetric and symmetric encryption. In symmetric encryption, data is encrypted and decrypted using a single key. This key must be shared with any users to whom you wish to grant access to the encrypted file. Asymmetric encryption produces two keys, one public and one private, to avoid the security vulnerabilities that come with sharing a single secret key. In this type of encryption, the public key can be used to encrypt messages before sending them to a recipient, who will then use their private key to decrypt the message. Again, only minimal user configuration is typically required. The creation and delivery of keys are usually managed automatically by the platform.

What recommendations does the Office of Information Security have regarding encryption?

Encryption Policy

The Office of Information Security has developed an Encryption Policy to help you build a safe and secure workflow that complies with regulations and policies. Please follow the link below to view this policy.

https://informationsecurity.wustl.edu/policies/encryption-policy/

Quick tips for encryption at WashU

  • Make sure your mobile device is encrypted
    • On iOS, your device is encrypted if your passcode lock is enabled. If your iOS device asks you to enter a passcode to unlock it, encryption has been enabled.
    • On Android, newer versions (Marshmallow and later) will have encryption enabled by default. Please be sure to set a passcode lock to complete the process of securing your device.
      • For older Android devices, users will still need to enable the passcode lock on the device, but they will also need to visit their ‘Security’ options in the global settings app. There, you will find an option to enable encryption for your device. Please note that the process can take a couple of hours, so we suggest doing it at a time when your phone can remain plugged in and available until encryption is complete.
  • Make sure your computer is encrypted
    • On macOS, open ‘System Preferences’ then select ‘Security and Privacy.’ At the top of that window, you should see an option for ‘FileVault.’ To encrypt your device, make sure ‘FileVault’ is turned on.
    • On Windows, an application called BitLocker handles encryption. For step-by-step directions for enabling BitLocker on your Windows machine, please see the link below.
  • Send encrypted emails through Outlook
    • Typing ‘[PRIVATE]’ into the subject line of an email will encrypt its contents. Be sure to surround the word ‘secure’ with square brackets. Additional information and step-by-step instructions can be found at the following link.
  • Develop and implement good practices involving passwords
    • While this isn’t directly encrypting your information, it will decrease the likelihood that an attack on your accounts and systems will cause a significant breach. Several strategies should be in place when developing passwords, including never using the same password twice, never sharing passwords even with family and friends, creating complicated passphrases that are easy to remember but difficult to crack, and using a password manager to help strengthen and retrieve passwords for you.

Where can I get help with encryption at work?

Your departmental or school IT support staff should be able to assist in determining which of your devices need encryption software enabled or installed.

If you have additional questions, please reach out to the Office of Information Security by emailing infosec@wustl.edu.