Details about mandatory laptop encryption

Over the next few weeks, Miami University IT Services will be rolling out full disk encryption (FDE). Almost everyone who works at Miami has some confidential information, as defined in MUPIM 3.22, on their computers. By installing FDE, we are ensuring that none of that confidential data can be accessed if an employee’s Miami-issued laptop is lost or stolen.

As the recent news about Equifax reminded us, we must take all reasonable steps to ensure that we are properly protecting the confidential information that we access during our work, research, or teaching. While stories about laptops stolen from colleges and universities do not regularly make the news, they are still happening at schools like the University of California Santa Cruz and the Claremont University Consortium. Having FDE on all of Miami’s computers will ensure that any stolen computers do not lead to a breach of confidential data, as all of the data on the device will be unreadable by the thieves.

For Windows laptops, users will see a window informing them that BitLocker drive encryption is required. Users will have the choice to postpone or to start the encryption process. If the encryption process is postponed, users will continue to be prompted until they select start. If the process is postponed for more than 7 days, the encryption process will begin automatically. All Windows laptops will be encrypted by October 13, 2017.

For Apple laptops, after the policy is enabled, a prompt will appear at the user’s next log out or restart requesting the currently logged in user account’s password in order to initiate the process. All Apple laptops will be encrypted by November 3, 2017.

For both Windows and Apple laptops, the encryption process should have minimal impact on the employee’s ability to use their computer. The encryption processes are designed to run as “low priority” processes, which will enable computer use while the encryption is taking place. If concern remains about this, consider starting the encryption process at the end of the work day so it can run overnight. If users do this, they need to remember to change power settings so the computer does not go to sleep and to lock their screen so no one else is able to use the computer.

The schedule for encrypting Windows and Apple desktops is still being developed and will be communicated via myMiami when it has been finalized.

As a reminder, all mobile devices such as phones and tablets that have access to confidential information need to be configured to follow Miami’s mobile device security standards.

For more general info about information security and how we handle it here at Miami University, please visit the IT Services Information Security website.

Questions about the encryption process should be directed to InfoSec@MiamiOH.edu. In addition, if an employee believes that their laptop cannot be encrypted, they should please reach out.