There are times when data/information is required to be transferred between the university and external organisations. It is therefore important to understand the various methods that are available to you in order to transfer data securely according to the sensitivity of the data.
Staff should read the following advice in StaffHub, as it contains some additional advice and links to staff-only resources:
Staff Guidance for Secure Data Transfer (staff login required)
Email should be considered one of the least secure communication methods when communicating with external users/organisations. Why? The university's email service within Office 365 uses an encryption process which encrypts the connection between your device and the email service at Microsoft. Although this provides protection from a malicious user trying to intercept data that you send or receive, the message itself is not encrypted and there are no guarantees that the recipient's email provider creates a secure connection for its users. In addition, emails can easily be forwarded to other people/organisations unknown to you (or mistakenly by the recipient). Again, the email message is not encrypted and any recipient can open it without their identity being confirmed.
It is important to determine the sensitivity of the data being transferred before using email as a method to distribute. If in doubt, password protect and encrypt the data before sending. Please continue reading for further guidance on these methods.
OneDrive for Business
All university students have access to OneDrive for Business. OneDrive for Business allows you to share (editable or view-only) a specific folder or file with a user inside and outside of the university. The data remains in one place (in your OneDrive) and only the recipient stated will have access to the data in question.
Click here for further information on how to share using OneDrive for Business.
Password Protect and Encrypt an MS Office Document, Workbook or Presentation
Where data is held within a Office 2016 document, dorkbook or presentation (Windows and Mac), it is possible to encrypt the data and password protect it. This provides some reassurance that if a recipient's device becomes compromised and the file readily accessible, then a password will be required in order to decrypt and open the file.
The password should not be your university password (or anything similar) or any other password you use for university or personal services. In the unlikely event the password should be discovered outside your intended audience, you do not want a user using your password to access any other accounts you have. Do not write this password down other than in a secure password store and ensure you can remember it. Information Services will not be able to gain entry to files that are password protected. It may be wise to ensure an unencrypted copy is available to you.
Click here for further information on how to set file encryption and password protection.
Word - click here, Excel - click here, PowerPoint - click here
Note this feature will only be available for Microsoft Word, Excel and PowerPoint files.
Encrypt a folder and contents
Where multiple files are required to be sent to someone and where the data is deemed sensitive or confidential, (compressing as a .zip), encrypting and password protecting an entire folder is a sensible procedure. This ensures that should the files be sent via email the data is protected through encryption and password. This method cannot only be used with email but with encrypted USB sticks or even OneDrive for Business for additional protection.
- Before attempting to encrypt a folder you must first ensure the correct application is installed; 7-Zip File Manager. For the majority of corporate Windows 10 desktops and laptops, 7-Zip is already installed.
- Open 7-Zip File Manager and select the folder you which to encrypt and password protect.
- Click 'Add' and a new 'Add to Archive' window will appear.
- Provide a name for the archive (the .zip folder).
- There are multiple options available but for basic encryption and protection move to the 'Encryption' section and enter (and re-enter) a suitable password (see Password Security for more information).
- Ensure your screen is not being overlooked by another user/individual and select 'show password'. Ensure this is the intended password and you can remember it. Do not write this password down other than in a secure password store. It may be wise to ensure an unencrypted copy of the data is available to you in a safe place such as your OneDrive.
- Leave the Encryption method as 'AES-256' and select OK.
- The 'zipped' folder will be generated in the location selected. This folder can now be sent using an appropriate method. The recipient will also require 7-Zip installed (this is free to download and install) and of course the password. The password should not be sent via email but via SMS (text) or by speaking to the recipient.
Please contact the IT Service Desk for assistance on appropriate software installation and process.
Encrypted USB Stick
Where data needs to be physically transferred it should be done so on an encrypted USB stick (FIPS compliant) as per the Information Security Policy. Again, a password is required to encrypt the data residing on the USB stick. Ensure you can remember the password and do not write the password down other than in a secure password store.