External Storage Media Encryption and Disposal

Purpose

As stated in the Endpoint/Device Encryption Policy, Saginaw Valley State University strives to maintain the integrity and security of institutional, proprietary, and confidential data entrusted to it. This type of data includes, but is not limited to, student records, financial records (both institutional and personal), and health care related records. 

SVSU discourages the use of portable media to store sensitive information. Portable media includes, but is not limited to: memory cards, USB flash drives, external hard drives, CD/DVD etc.

Sensitive information should be stored on removable media only when required in the performance of assigned duties.  When sensitive information is stored on removable media, the user must ensure that encryption is used, the media device is kept safe, and is properly disposed of when no longer needed.

Procedures for Encrypting Portable Storage Media

It is important for the responsible end-user to know that manual encryption of external storage media typically requires the creation of a password so that the data can be unencrypted when access is needed. Storing the password in a safe secure location is imperative (it should never be kept with the device).  While laptops and iPads are portable devices, ITS manages those devices and ensures encryption policies are implemented prior to delivery.  The information below pertains to external storage devices, which becomes the end-user's responsibility.

Windows BitLocker Encryption Process

Instructions to enable encryption of an external storage device:

1. Connect the external storage device to the Windows PC via the USB port.
2. Open Windows File Explorer and locate the external drive.
3. Right-click the target drive and select Turn on BitLocker.
4. Click on Enter a Password.
5. Enter a secure password and make a note of that password somewhere safe.
6. Now select How to Enable Your Recovery Key.
   1. Print the recovery key and to store in a safe place.  You can choose to print it using Microsoft Print to PDF and store it on the computer system.
7. Choose how much of the drive to encrypt
   1. Recommendation is to Encrypt entire drive.
8. Click Start Encrypting  (be patient and allow it to fully complete the encryption process)

Instructions to access data from the encrypted storage device.

1. After inserting the encrypted storage device into the Windows system, a notification prompt will appear saying it is BitLocker-protected.  
2. Enter the encryption password when prompted.

Macintosh Encryption Process

Instructions to enable encryption of an external storage device:

1. Insert the USB flash drive into your Mac.
2. When the icon appears on the desktop, right-click on it and select Encrypt.
3. Enter and confirm a password (as well as a password hint). This password CANNOT be changed.
4. Click Encrypt
5. Once finished, when unplug the device and reinsert it - the system may prompt to add it to your keychain.

Instructions to access the data from the encrypted storage device.

1. When the encrypted removable drive is plugged into a Mac system, a notification prompt will appear saying it is encrypted. 
2. Enter the encryption password when prompted.

Encrypting iPads and other Tablets

To encrypt an Android phone or tablet:

1. Open the Settings menu.
2. Go to Security.
3. Under Security, tap Encrypt Device.
4. If using a microSD card in the phone, you may also select Encrypt external SD card.
5. Select Encrypt phone (or tablet).
6. Create a strong password.

To encrypt a personal iPad:

1. Go to Settings.
2. Tap on Touch ID & Passcode.
3. Enter a new passcode.
4. Scroll down to the bottom of the screen and turn on the switch for Data protection.

NOTE: ITS does manage iPads and requires PIN Passcodes to be turned on.

Encrypting Data Stored to CD\DVD 

While data being saved to a CD\DVD can be encrypted, it is not recommended to store any sensitive data on CD or DVD discs.  It would be better to store the data onto a USB flash storage device and encrypt it as outlined above, as it will provide far more capacity for storage and easier method of encryption.

Disposal of External Storage Media

All computer-related devices containing data storage (desktops, laptops, tablets, and external storage devices mentioned in this article) must be properly disposed of, going through a sanitization process or physically destroyed by Information Technology Services, to meet security related policies. Throwing items into the trash is insufficient to protect against unauthorized access to SVSU data and would violate our policies.

Please deliver these items to the ITS Support Center for proper disposal, or submit a request with ITS to pick up your equipment for disposal.