If a university-owned computer is lost or stolen, and if that computer is storing legally protected sensitive data (social security numbers, credit card information, grades, transcripts, etc.), the university may be held liable for this loss. New university-owned laptops now contain native encryption software to combat this situation.
If you are planning to travel outside of the U.S. with your laptop, CaTS recommends that you view the Travel Restrictions on Encryption Software (PDF). It contains important information about which countries have restrictions regarding encrypted information on your laptop. If you need to borrow a laptop for traveling outside of the country, please contact the Help Desk at 937-775-4827.
If a university-owned computer is lost or stolen, the question arises whether important information was stored on its hard drive. If there is a possibility that legally protected data such as credit card or social security numbers, grades, transcripts, etc., were on the computer, the university may be held liable for this loss. The loss of important research data can also negatively impact the university.
Microsoft provides several layers of security and protection to control who can access and change your Excel, PowerPoint, Word, and Access data. For optimal security, you should protect your entire workbook file with a password, allowing only authorized users to view or modify your data. Additionally, you can protect certain worksheet or workbook elements with or without a password. This can help prevent anyone from accidentally or deliberately changing, moving, or deleting important data. You can help secure an entire workbook file by restricting who can open and use its data and by requiring a password to view or save changes to the file.
Password security at the workbook file level uses advanced encryption (a standard method of securing the content of a file) to help protect your workbook from unauthorized access. A password can be set on the Security tab of the Options dialog box (Tools menu, Options command). You can specify two separate passwords that users must enter to:
- Open and View the File: This password is encrypted to help protect your data from unauthorized access.
- Modify the File: This password is NOT encrypted and is only meant to give specific users permission to edit workbook data and save changes to the file.
These passwords apply to the entire workbook file. For optimal password security, it's best to always assign a password to open and view the file, and have users with permission to modify data enter both passwords.
Note: Password protection of a workbook file is separate from the workbook structure and window protection that you can set in the Protect Workbook dialog box (Tools menu, Protection submenu, Protect Workbook command).
Important: Use strong passwords that combine uppercase and lowercase letters, numbers, and symbols. Weak passwords don't mix these elements. Use a strong password that you can remember so that you don't have to write it down. Visit the Do IT Wright site for more information on secure passwords.
For more secure password protection of the workbook file and its properties, you can choose from several encryption types that are available for use with files. Encryption makes text unreadable to all but authorized users who have a public key that matches the encryption type and that allows them to decrypt the text.
To access encryption options, click the Advanced button on the Security tab of the Options dialog box (Tools menu, Options command).
Protecting Specific Worksheet or Workbook Elements
When you share a file so that others can collaborate on the data, you can prevent any user from making changes to specific worksheet or workbook elements by protecting, or locking down, certain parts of the file. You can also specify a password to allow individual users to modify specific elements.
Important: The following types of protection should NOT be confused with file security. They are not meant to make your workbook more secure and cannot protect it from users who have malicious intent.
- Worksheet element protection
- Permission to access specific areas of a protected worksheet
- Password protection of worksheet and workbook elements
- Workbook structure and window protection
- Protection of confidential data
MacOS X FileVault
MacOS X 10.4 provides a system-level option for encrypting files on your hard drive. FileVault secures files in your home folder by encrypting and decrypting these files while you are using them. Files are encrypted with the login password for the individual user. If there are multiple user accounts on the local Macintosh system, each will need to be set up with FileVault separately. To be effective, auto-login of the user on the Macintosh should be turned off, requiring the user to type in their password each time the Mac is turned on or restarted.
FileVault settings are managed under System Preferences. A Master Password can also be set, allowing you to unlock any FileVault account on the computer. If either password is lost, there is no way to reset it, and data can be permanently lost. As with any password, both should be chosen with security in mind.
If a Macintosh hard drive protected with FileVault becomes damaged or corrupt, file recovery will be far less likely, so proper backups are all the more important.
Disk Utility (Applications -> Utilities -> Disk Utility) can encrypt data on a more limited basis. It provides the ability to encrypt a disk image of a folder on the local hard disk, which could then be stored according to university security policy. Again, as with FileVault, if the password is lost any data within the disk image cannot be recovered.
The Security Control Panel
This System Preferences panel provides access to several security features. These include FileVault for encrypting home directories and secure swap space, which eliminates the chance of someone sifting through the swap space trolling for passwords. It also provides configuration options for when passwords are needed to gain system access.
MacOS X Screen Saver
The user password can be required to wake the system from sleep or screen saver mode by going to the Security option under System Preferences. Make sure that the box is checked next to "Require password to wake this computer from sleep or screensaver". This will help prevent people walking by from accessing the workstation.
MacOS X Auto Login
Macintosh systems can be set to auto-login as a certain user. Turning this feature off will enhance the security of the system. To check this setting, go to System Preferences, Accounts and click on Login Options. (You may be required to unlock the Accounts screen by providing the password for the admin account to gain access to Login Options.) On the Login Options screen, make sure that Automatically log in is not checked. With this feature turned off, each time the Mac is turned on or restarted, you will be challenged for a user name and password.
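The wake-password and auto-login settings described above can also be checked from Terminal. The script below is an added example, not part of the original CaTS page; the preference domains and keys it reads are assumptions about where macOS stores these settings, and they have moved between releases, so confirm them on your OS version.

```shell
#!/bin/sh
# Read-only audit of two login settings (added example, not CaTS code).
# Assumed locations: autoLoginUser in the system loginwindow domain,
# askForPassword in the per-host screensaver domain.

# The autoLoginUser key is present only when "Automatically log in" is on.
autologin_status() {
    user=$(defaults read /Library/Preferences/com.apple.loginwindow autoLoginUser 2>/dev/null) || user=""
    if [ -n "$user" ]; then
        echo "FAIL auto login enabled for $user"
    else
        echo "PASS auto login disabled"
    fi
}

# askForPassword is 1 when a password is required to wake from sleep
# or screen saver; a missing key is treated as "not required".
wake_password_status() {
    val=$(defaults -currentHost read com.apple.screensaver askForPassword 2>/dev/null) || val=""
    case "$val" in
        1) echo "PASS password required on wake" ;;
        *) echo "FAIL password not required on wake" ;;
    esac
}

# Print one line per check; return non-zero if any check failed.
audit_login_settings() {
    rc=0
    for check in autologin_status wake_password_status; do
        line=$($check)
        echo "$line"
        case "$line" in FAIL*) rc=1 ;; esac
    done
    return $rc
}

# Run the audit only where the macOS `defaults` tool exists.
if command -v defaults >/dev/null 2>&1; then
    audit_login_settings || echo "One or more settings need attention."
fi
```

A FAIL line points back to the matching System Preferences step above; the script itself changes nothing.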
Mac OS X includes an application called Keychain. It is used to store and access usernames and passwords, such as those used by web sites that require logins. The default Keychain is called "login" and uses the login password. For further security, you can change the Keychain password so that it must be authenticated to separately. This way, if someone gained access to your account, they would not have instant access to your Keychain as well. Keychain can also be configured to lock after a set period of inactivity. This option can be found under Edit -> Change settings for Keychain Login in the Keychain Access application.
CaTS maintains information about IT security on our website. You can learn more about how to protect your computer, common hacking methods and what types of information are considered protected.
Everyone is encouraged to watch the short 4-minute Do IT Wright security video available on the CaTS Security website. If you have specific questions about the new drive encryption program, please send an email to firstname.lastname@example.org with the subject "encryption" and someone will get back with you to discuss the matter in more detail.