ITSS strongly recommends the use of encryption for staff laptops and other devices. This practice provides safeguards to ensure confidential information remains protected.
For iOS devices (e.g. iPhone, iPad) encryption is automatic upon the creation of a pass-code on the device. For OS X devices (e.g. laptops, desktops) Apple provides a built in encryption solution called File Vault 2. T
his feature is a simple process to activate with minimal impact on the user. We also recommend the practice of encrypting external drives. See instructions for both of these below.
Please note: As of March 2016 any staff OS X device that is handled by ITSS (i.e. newly purchased or brought in for maintenance) will have File Vault activated before they leave the shop. Once enabled, encryption cannot be turned off.
- Login to your administrator level account (e.g. teacher, local admin, YESNET Active Directory account). File Vault cannot be enabled on student or guest accounts.
- Go to System Preferences>Security & Privacy>File Vault
- Click the padlock to allow changes. Click Turn on File Vault. Enter your password when prompted.
- You will receive a notice that a recovery key has been sent to your organization. For further information see footnote (*) below.
- The hard drive encryption will begin. Please note the machine will need to plugged into power. The process can take up to 12 hours for a regular hard drive. Solid State Drives (common to Macbook Airs and newer Macbook Pros) will be faster. You may continue to use the machine while the encryption is running but you can expect slower performance during this period.
- The machine will restart. A user icon will appear almost immediately prompting for that account's password. Type in your password, unlocking the hard drive and the machine will then boot.
- After encryption is completed, the only impact on the user will be the requirement for the user to enter in their password upon turning the machine on.
- Go to System Preferences>Security & Privacy>File Vault.
- Select Enable Other Users.
- Add desired users.
- Insert your external drive (e.g. flash stick, LACIE drive etc.) into your machine.
- Once the volume appears on your desktop, right click the icon. Select Encrypt drive.
- You will be prompted to create a password. Click encrypt disk to begin.
- Depending on the size and format of the volume you are encrypting, allow for an hour or so until the process is completed.
- Once it is completed, eject the volume and reinsert. You will be immediately prompted for a password to access the disk.
- Select Erase.
- Select Mac OS Extended (Journalled) format.
- The disk will be reformatted and after this is completed it is ready for encryption.