Information Technology has been busy updating our security defenses. To achieve our goal to ensure sensitive and critical data are secure and available, we have adopted a new Encryption Policy. In the event that a computer is lost or stolen, information on that computer will be protected from unauthorized access. Encryption is essential as numerous security threats have impacted the safety of Medical School data as well as the safety of data throughout the industry and the world. The Encryption Policy applies to all areas of the Medical School including students, faculty, researchers, administrators, Commonwealth Medicine, and MassBiologics.
University provided McAfee Endpoint Protection Encryption for Windows and FileVault for Macs are compliant with the Encryption Policy. All computers that use, store or access UMMS data must be encrypted to prevent unauthorized disclosure. UMMS IT will begin pushing encryption to those unencrypted computers beginning January 11th through January 13th. Mobile devices will receive encryption on January 20th.
Encryption Preparation Steps
- Move files to H Drive or Departmental Drives from your local desktop – this will ensure you have a backup of all your documents.
- Ensure your computer has access to the University’s network. For IT to push encryption, the computer must be connected to the network. The computer must be on the network for all 3 days.
- Ensure your computer is turned On (If you’re computer turns off, it’s no big deal. Once the computer’s turned back on, the process will resume).
- It’s best to keep the computer either plugged into a charger to keep the battery full, or to keep the charger for the computer handy so if you’re low on battery you can plug the device in for the 3 days.
- For Macintosh computers, please enroll in Self Service Tool for Macs.
- If your computer will be out of the office during this time period (you take it to a conference), you will receive encryption upon returning and connecting to the UMMS network. Similarly, if your computer is off, the next time it’s turned on and connected to the UMMS network, the encryption process will kick off.
Below is a video depicting what to expect when your computer is being encrypted:
Encryption for UMMS Windows Users
To determine if your computer is already encrypted:
- You can check the system status by clicking on the McAfee icon in the system tray -> "Quick Settings" -> "Show Drive Encryption Status"
- If you have an older computer, you may have checkpoint encryption. In your system tray, a picture of a yellow lock will be present. If you "hover" your mouse over the yellow lock, a pop up will appear on the status of encryption.
- Move all your files to your H drive. This will ensure that you have a backup of all of your documents.
- Close all running applications and close all documents by 6:45pm the day you are scheduled for encryption.
- Please leave your computer powered on and running. (Just log out of your computer).
To keep software versions current, we periodically deploy upgrades to the McAfee Drive Encryption software that we use at UMass Medical School to encrypt Microsoft Windows based computers. The upgrade is silent and runs in the background. Once the update completes, you will see the following prompt below asking to restart your machine.
You will have approximately 2 hours and 45 minutes to click the Restart button, before the system is automatically restarted. Please save all your work and close all your open applications before clicking the “Restart” button. Please do not click the “Cancel” button, as that will just delay the upgrade.
Encryption for UMMS Mac Users
From the command line (either remotely, or locally) enter the following command string: sudo fdesetup status.
Another way to determine if your Mac has FileVault enabled [on].
Click the Apple icon in the upper left area of your screen, and choose System Preferences.
In System Preferences, click on Security & Privacy, then the FileVault tab.
Look for the text “FileVault is turned on for the disk “Macintosh HD” to confirm the status.
To encrypt with FileVault, your Mac must be installed with Casper. IT will be "pushing" Casper to all Mac users, but you can also enroll your Mac with Casper Self-Service.
Once completed, open the Self Service application.The FileVault 2 Option will show on featured page. Click install.
Follow the steps on the Casper Self Service site, than follow these directions on how to enable encryption:
- A message will appear about the machine rebooting. Click install again.
2. The computer will reboot and you will need to log in. Once you enter your username and password this message will appear. Click Enable Now.
3. The system will prompt with "Enabling FileVault on your volume". Click OK.
4. When you turn on FileVault on your Mac, if the system will asks you to store your key on tss, please select yes.
How do I encrypt my mobile device?
For those mobile devices (i.e. iPhone, Android) that sync UMMS email, your mobile device will be encrypted on January 20th.
See Mobile Device Encryption for additional information.
How do I obtain an encrypted thumb drive / USB drive?
Encrypted thumb drives, portable drives, etc can be purchased conveniently through staples, Amazon, etc. Please reach out to Information Security at ITSecurity@umassmed.edu if you have questions about encrypted drives.
Option: GovConnection, in the ByWays, has: Imation USB 3.0 Secure + HW Encrypted 8GB: $19