Resources for Faculty and Staff
Laptop Encryption
The University has a new policy that requires us to encrypt all BYU-owned laptops. This will help prevent data loss or breaches if a laptop is lost or stolen. We will be rolling this out to our College devices using our device management platforms in the coming weeks. Our plan is to push it out automatically to all laptops beginning on Aug. 1, 2022.
You will see a prompt informing you that encryption has been enabled and that you will need to restart your computer to begin the process. We will be using the built-in encryption tools from Microsoft (BitLocker) and Apple (Filevault), depending on which device you have. We have tried to cover some common questions below - if you have any other questions or concerns, please contact the College CSRs at 801-422-3292.
Frequently Asked Questions
What does encryption do to my computer?
The data on your local drive will be encrypted so that it cannot be read without the decryption key. This will mean that if your device is lost or stolen no one can remove the drive from the computer and read the data.
Will this change how I use or log in to my computer?
No. You will log in to the computer using the same username and password as before and the encryption should be transparent to you while using the device. Some Apple laptop users may notice a slight change when rebooting your computers. The login screen will appear before the machine has fully booted, so you may notice slightly longer delays between the login screen and your Desktop.
What if I forget my password? Will my data be recoverable?
Since the device encryption is tied to your password you should make sure that you choose a secure but memorable one. If you do forget your password the master encryption keys are stored in our device management platform and the College CSRs can help recover data in that case. However, it is important to always have a backup of your critical data. This can be done either using a cloud storage system like Box for your work data (preferred), or by installing a backup solution like Crashplan that will backup your local data to a cloud server.
Can I enable encryption sooner so I can choose when my device restarts?
Yes - here's how:
On a Mac, open the Self Service application in your Application folder and find the item called "Filevault Disk Encryption." Click Install and you will be prompted to restart to enable Filevault. You will get a notice when you log in the first time that Filevault has been enabled.
On a PC, open the application Software Center. Look for an item called "Enable Bitlocker." Click Install and you will be prompted to restart your computer to enable BitLocker.
How can I check the status of the encryption on my device?
On a Mac, you can go to System Preferences, then Security and Privacy, then the Filevault tab. On a PC, you can open the Control Panel application, then choose BitLocker Drive Encryption.
What if I only have a desktop computer?
Currently we are only requiring encryption on laptops since the chance of loss or theft is greater with them. You are welcome to enable encryption on your desktop devices if you wish, but please keep in mind the need to keep good backups of your data.