UL-Owned Laptop Encryption Service
Laptop encryption helps to protect data stored on your laptop should the device go missing or is stolen. Data Encryption involves transforming data into an unreadable format to prevent unauthorized access to the data. To read an encrypted file, you must enter your UL credentials, and this is done when you log onto your laptop.
Data stored on an encrypted laptop is only as secure as the password used to protect it, so it is vital that you use a strong password for your UL account and that you don’t share this password with anyone. If you respond to a phishing email, and supply your UL username and password, an unknown third-party can potentially access the sensitive data stored on the laptop. Encryption will not protect your data in this scenario.
The data stored on the laptop is only encrypted when it is stored on the laptop. If you share the information using email or another method it is no longer encrypted.
Who can use this service
UL staff using UL-owed laptops.
The laptop must be connect to UL’s Active Directory, and this is normally completed during the device setup process.
- Hardware: UL-owned laptop
- Software: PC running Windows 10, or an Apple Mac
How to obtain the service
- New laptops and rebuilds – ITD will encrypt the laptop as part of the provisioning process. During the encryption process a Master Encryption Key will be generated and stored in Active Directory – see below for more information on your Master Encryption Key.
- For existing laptops - log a call on Topdesk - https://ul.topdesk.net. A staff member in ITD will follow up, and ask you to bring the laptop to ITD to complete the encryption process. During the encryption process a Master Encryption Key will be generated and stored in Active Directory – see below for more information on your Master Encryption Key.
Master Encryption Key
Your laptop will prompt you to provide the Master Encryption Key in the following situations:
- During a BIOS upgrade
- Changing boot options
- During the installation of an additional hard drive
- Changing the TPM chip installed on the device
In this scenario, you will need to contact ITD to retrieve the Master Encryption Key.
Out of Scope
- ITD may not be able to encrypt laptops purchased outside of the current OGP/HEAnet framework.
- ITD can’t encrypt laptops where the device doesn’t support Bitlocker encryption (Windows) and FileVault encryption (Mac).
Personal or sensitive data should not be stored on unencrypted laptop – see policy