
TECHNOLOGY – File Security and Procedures

OVERVIEW The purpose of this procedure is the protection of confidential materials. Confidential material may include, but is not limited to, social security numbers, credit card numbers, dates of birth and electronic Protected Health Information (ePHI).

PURPOSE The purpose of this procedure is to provide best practices for the protection of confidential material which, if not protected, could cause financial and reputational hardship to the College.

SCOPE This procedure applies to all employees, students, contractors, consultants, temporary and other workers of the College, including all individuals affiliated with third parties who have access to Palmer data.

PROCEDURE FOR PROTECTING FILES ON NETWORK SHARES The college uses Information Rights Management (IRM) to protect Microsoft Office files.

1. Open the file.
2. Select File.
3. Select Info > Protect Document/Workbook/Presentation > Restrict Access > Restricted Access.
4. Check the box to restrict access to the document.
5. Add the allowed users to the proper permission.
6. Click OK and save the document.

Information Technology – Page 1 of 3

PROCEDURE FOR PROTECTING FILES ON A DOMAIN COMPUTER A user may use IRM to protect Microsoft Office files on their machine, or they may use the Encrypting File System (EFS).

1. Right click on a folder or file and select Properties.
2. Under the General tab click Advanced…
3. Select Encrypt contents to secure data.
4. Click OK.
5. You can then select to encrypt either the file or the folder the file is in.

If a user encrypts a folder, everything in the folder will be encrypted, and anything new placed in the folder will be encrypted. A file encrypted at the file level can only be accessed by that user on that machine. The file cannot be emailed, shared, placed on a network share or copied to removable media while encrypted.

PROCEDURE FOR ENCRYPTING AN EMAIL MESSAGE When it is necessary to email confidential material, the following must be done:

1. Type Confidential: in the subject line of the email.

When replying to an encrypted email, if the word Confidential: is somewhere in the subject line, the email will be encrypted, e.g. re: Confidential: Your Medical History

PROCEDURE FOR EMAIL - NON-PALMER RECIPIENT When the non-Palmer recipient receives the email in their non-Palmer email address the following will happen:

1. The user will get an email message with the subject line Secure Messaging Notification.
   a. If they are a first-time user, they will get a second email, sent to their account, with a user name and a link to their account. The user must change their temporary password.
2. Inside the email message is a link to the secure message: “View the message by clicking here”.
3. The user will be able to respond to the email and its contents will remain encrypted.

PROCEDURE FOR EMAIL - PALMER RECIPIENT The user must access the encrypted message with their Palmer computer and with their Microsoft Outlook Client. The message will not be viewable from a mobile device or a web browser.

PROCEDURE FOR PROTECTING EXTERNAL STORAGE The college uses Microsoft BitLocker to encrypt external hard drives such as USB sticks attached to devices.

1. Plug the USB into the device, right click on the USB and select Turn on BitLocker.
2. Select Use a password to unlock the drive.
3. Enter a password and click Next.

The drive is now ready for use.

PROCEDURE FOR PROTECTING HARD DRIVES The college uses Microsoft BitLocker to encrypt hard drives installed in computers.

1. Open Control Panel.
2. Select to view small icons.
3. Open BitLocker Drive Encryption.
4. If BitLocker is not turned on, contact the helpdesk to have it turned on.
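
The same checks can be made from PowerShell. The script below is an added example, not part of the College's procedure: it reports the BitLocker state of each volume and lists any files in a folder that are not EFS-encrypted. The folder path and the function names are assumptions chosen for illustration.

```powershell
# Added example (not part of the College's procedure). Read-only checks.
# Run from an elevated PowerShell session; Get-BitLockerVolume needs admin rights.
param(
    # Hypothetical folder expected to be EFS-encrypted; change to your own path.
    [string]$EfsFolder = (Join-Path $env:USERPROFILE 'Documents\Confidential')
)

# One row per volume that BitLocker reports on this machine.
function Get-VolumeEncryptionReport {
    Get-BitLockerVolume | ForEach-Object {
        [pscustomobject]@{
            MountPoint = $_.MountPoint
            VolumeType = $_.VolumeType
            Status     = $_.VolumeStatus
            Protection = $_.ProtectionStatus
            Percent    = $_.EncryptionPercentage
            Protectors = ($_.KeyProtector.KeyProtectorType -join ', ')
            # Protected only when encryption has finished AND protection is on
            # (a suspended volume is encrypted but its key is exposed).
            Protected  = ($_.VolumeStatus -eq 'FullyEncrypted' -and
                          $_.ProtectionStatus -eq 'On')
        }
    }
}

# Files under $Path that do not carry the EFS "Encrypted" attribute.
function Get-UnencryptedFile {
    param([Parameter(Mandatory)][string]$Path)
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not ($_.Attributes -band [IO.FileAttributes]::Encrypted) } |
        Select-Object -ExpandProperty FullName
}

$report = @(Get-VolumeEncryptionReport)
$report | Format-Table -AutoSize
foreach ($vol in ($report | Where-Object { -not $_.Protected })) {
    Write-Warning "$($vol.MountPoint) is not fully protected by BitLocker; contact the helpdesk."
}

if (Test-Path -LiteralPath $EfsFolder) {
    $plain = @(Get-UnencryptedFile -Path $EfsFolder)
    if ($plain.Count -gt 0) {
        Write-Warning "$($plain.Count) file(s) in $EfsFolder are not EFS-encrypted:"
        $plain
    } else {
        "All files in $EfsFolder are EFS-encrypted."
    }
}
```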

PROCEDURE FOR STORAGE AREA NETWORK (SAN) Any SAN purchased must be able to be encrypted at rest. If the SAN cannot be encrypted, any failed disks must be destroyed.

PROCEDURE HISTORY

Date of Change       Responsible       Summary of Change
November 30, 2017    James Mountain    Initial Draft

Information Technology – File Security and Encryption Procedures Page 3 of 3