Hard Drive Encryption
Hard drive encryption uses cryptographic algorithms to secure data on a hard drive. Data on an encrypted hard drive cannot be read by anyone who does not have access to the system, appropriate key, or password. It must be decrypted using that key or password to read encrypted data.
Encryption is best used on machines that can easily be lost or stolen, although there is no harm in encrypting all of your systems.
At HMC, CIS recommends encrypting your entire operating system volume through BitLocker for Windows computers, or FileVault for Apple computers. You will be given a unique recovery key during the encryption setup process. This key is needed to decrypt your hard drive if BitLocker or FileVault locks your system. BitLocker may activate on your system if there is an unexpected power outage, if you are replacing hardware components in your computer, or if you unplug your computer and move it to a different location.
In those scenarios, you will need the recovery key to decrypt your data. Please save your key somewhere safe (i.e., not on your computer). CIS recommends Google Drive, which is encrypted on Google’s servers, or any encrypted password manager, such as LastPass at HMC.
Available to faculty, students, and staff at HMC.
How to Access the Service
Configuration of these applications can vary from system to system, but at its simplest:
- Windows 10 or 11 (Pro, Enterprise, and Education editions)
- Trusted Platform Module (TPM) – special microchip in most newer Windows computers
- Mac OS X 10.7 (Lion) or higher
The CIS Help Desk can assist all users with turning on hard drive encryption.
You can find Instructions on how to do this yourself on Microsoft’s and Apple’s websites: