Encryption and passwords
Resources and guidance to help you secure University information with strong passwords and encryption.
When and why to use encryption
It is essential that the University employs appropriate safeguards when sending information externally; encryption and strong password management are at the heart of this.
Encryption is the process of scrambling information to make it meaningless to anyone without the key required to reverse the scrambling - rendering it useless to unauthorised users. This protects information from risks associated with interception of electronic traffic, and also reduces the risks of accidentally sending information to the wrong recipient.
How you can help:
- Check whether you need to share the information and how much you need to share
- Can you anonymise it so that personal data is not identifiable?
- Do you have a clear business need to share the information?
- Decide on the best method to use and if unsure contact the Information Security team
- All University laptops and MacBooks are encrypted; but remember that if your laptop is left unattended and logged in, the information is available to anyone with access to your laptop.
-
Why is encryption important?
- Encryption helps to ensure sensitive information is sent securely and does not fall into the wrong hands.
- Encryption can protect your information if your device is lost or stolen.
-
Who should encrypt information?
- All University staff should consider the information they share and whether they should encrypt this information when sending it externally.
-
What should be encrypted?
- All sensitive information that will be sent outside of the University should be encrypted.
- All mobile devices used to access a Manchester Met email account.
- USB drives used for University purposes.
-
When should you encrypt your information or device?
- When you consider the information to be sensitive and are sharing it externally. For guidance on when to classify information as sensitive, please refer to our Information Classification scheme.
- All mobile devices and USB drives should be encrypted before connecting to the University network.
-
How do you encrypt information or devices?
- How to encrypt information for the following:
-
What else can staff do to protect sensitive information?
- Always ensure you are using strong passwords. For guidance on password management please refer to the Information Security password management control procedure.
- You might wish to use online password management tools such as LastPass and 1Password.
- When working remotely, ensure you are connected to a virtual private network (VPN).
- Always ensure you are using strong passwords. For guidance on password management please refer to the Information Security password management control procedure.
How to encrypt information and devices
How to encrypt information for the following:
Passwords
The use of encryption can be undermined by use of weak passwords.
How to create a strong and secure password:
- Use long passwords.
- For students, the minimum is 8 characters, but we recommend 16 characters
- For staff, the minimu is 16 characters
- Use a string of random words
- Eg ‘main’, ‘later’ ‘only’, ‘mainlateronly’ for more complexity add numbers and capital letters and even symbols ‘5mainlAter8only!’
- Avoid using words associated with you or your family, such as pet names, favourite foods, the names of family and friends as many of these can be guessed from social media sites or general information that people may already know about you
- Avoid using the same password for multiple accounts
- Avoid using passwords that only change by one number every time you update it.
- Eg ‘roaming1’ and then ‘roaming2’
- Avoid ‘passw0rd1’ or other obvious passwords
- Don’t write your password down - if you struggle to remember your passwords consider using a password management tool
For more information about managing your password, see: Managing your password.