Skip to main content

Encryption converts data—letters, numbers, and symbols—into undecipherable code. De-crypting that code requires a unique key which makes the encrypted hardware or file considerably more secure.

Encryption is the best available solution for protecting sensitive data. By encrypting your data, you can protect yourself and the University from the negative impacts (publicity and financial costs) of a data breach.

Encryption can be applied to a “full disk” (internal/external hard drive or thumb/flash drive) or to individual files/folders, including email messages.

Types of Encryption

  • Full-Disk Encryption: The Information Security Control Standards recommends that Windows or Mac workstations or laptops that store or access Tier 3 sensitive information have full-disk encryption of their hard drives applied. For more detail on full disk encryption, see Full Disk Encryption Guidance or talk with your local IT support staff. Two encryption programs are supported here at UNC-Chapel Hill: MS Windows BitLocker and Apple File Vault.
  • Encrypted Flash Drives: In the event that a flash drive is required for sensitive information, please refer to the following Encrypted Flash Drive Guidance.
  • File Encryption: If you work with Tier 2 data, the Information Security Control Standards recommend that you encrypt individual files, if you don’t want to encrypt your hard drive. The preferred method of file encryption for standard Microsoft documents (Word, Excel, Outlook, PowerPoint, Access, OneNote, etc.), is Rights Management. Any of the Rights Management options encrypts the file. The type of restriction determines the type of key. For example, if you restrict access to a document to an individual, only that person (as determined by their Onyen) will be able to read the document. A detailed Help document on Rights Management is under development by ITS-Help. In the meantime, your local IT support staff can help you get started.
  • Adobe files can be encrypted by setting a password and/or restricting printing or editing.
  • Non-Microsoft files can be encrypted by:
  • Email Encryption: If you use MS Outlook, emails can be encrypted using Rights Management, like any other Microsoft application. If you use another program for email, see UNC Encrypted Mail for instructions.