Data Encryption

Encrypting your laptop and desktop is required per University policy, as it is the single most important step you can take to protect your personal information and Northwestern's data in the event the device is lost or stolen. Encryption is a way of transforming your data into an unreadable format that should only be deciphered by your password, passphrase, or personal key. Encryption also meets government directives and regulations for storing sensitive information such as Protected Health Information (PHI) covered by the Health Insurance Portability and Accountability Act (HIPAA), Personally Identifiable Information (PII) covered by the Family Educational Rights and Privacy Act (FERPA), or research data considered to be Controlled Unclassified Information (CUI) and protected from public disclosure.

Symantec Encryption (PGP)

Many McCormick staff computers are encrypted using PGP Whole Disk Encryption.

As needed, these computers will be transitioned to a native encryption option, such as Microsoft BitLocker or FileVault for Mac.

BitLocker for Microsoft Windows

Northwestern provides BitLocker, a free tool to natively encrypt the information on a Microsoft Windows computer so that unauthorized users, apps, or utilities are not able to access your information.

The initial encryption of your computer may take several hours, and you will be requested to define an 8-digit PIN as an additional authentication factor. Northwestern leverages Microsoft BitLocker Administration and Monitoring (MBAM) to centrally back up BitLocker Recovery Keys, which are accessible only by you or authorized help desk personnel. Once your data is encrypted, you will be prompted to enter your PIN each time you turn on your computer to decrypt your data so that you can use it. A pre-boot PIN prevents the encryption key from being automatically loaded into system memory during the boot process, which protects against certain malicious attacks. Once you successfully enter your PIN, Windows starts, and you will be prompted for your NetID and password to complete the login process.

For more information, see BitLocker frequently asked questions

Obtaining a BitLocker Recovery Key

You may require a recovery key if:

  • An attack is detected
  • A hardware change is identified
  • The firmware is upgraded or updated
  • The computer is docked or redocked
  • Your PIN was entered incorrectly or forgotten
  • The computer's battery was removed, inserted or depleted

To obtain a recovery key:

  1. Go to http://bit.ly/bitlockkey
  2. Log in with your NetID and Password
  3. Enter the first 8 digits of the 32-digit Recovery Key ID displayed on the BitLocker recovery screen
  4. Select the Reason a Recovery Key is needed
  5. Click the Get Key button

For questions, contact action@mccormick.northwestern.edu or contact 1-HELP for after-hours support.
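
To confirm that a Windows computer is in the state described above (fully encrypted, protected by a pre-boot PIN, and holding a recovery key whose ID can be matched at the recovery portal), the following added example can be run from an elevated PowerShell prompt. It is not Northwestern's own tooling; the function name `Get-BitLockerPosture` is hypothetical, and it uses only the built-in `Get-BitLockerVolume` cmdlet.

```powershell
#Requires -RunAsAdministrator
# Added example: report whether the OS volume matches the setup described on this page.
# Get-BitLockerPosture is a hypothetical helper name, not part of any Northwestern tool.
function Get-BitLockerPosture {
    param([string]$MountPoint = $env:SystemDrive)

    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $protectors = @($vol.KeyProtector)

    # A TPM+PIN protector is what produces the pre-boot PIN prompt.
    $pinTypes = 'TpmPin', 'TpmPinStartupKey'
    $hasPin = [bool]($protectors | Where-Object { "$($_.KeyProtectorType)" -in $pinTypes })

    # Recovery password protectors carry the ID shown on the BitLocker recovery screen.
    $recoveryIds = @($protectors |
        Where-Object { "$($_.KeyProtectorType)" -eq 'RecoveryPassword' } |
        ForEach-Object { $_.KeyProtectorId.Trim('{}') })

    [pscustomobject]@{
        MountPoint        = $vol.MountPoint
        VolumeStatus      = "$($vol.VolumeStatus)"
        ProtectionStatus  = "$($vol.ProtectionStatus)"
        EncryptedPercent  = $vol.EncryptionPercentage
        PreBootPin        = $hasPin
        # First 8 characters of each ID: the value the recovery portal asks for.
        RecoveryKeyIdHint = @($recoveryIds | ForEach-Object { $_.Substring(0, 8) })
    }
}

$posture = Get-BitLockerPosture
$posture | Format-List

# Flag each way the volume can fall short of the described configuration.
if ($posture.ProtectionStatus -ne 'On') {
    Write-Warning 'BitLocker protection is not on for this volume.'
}
if ($posture.VolumeStatus -ne 'FullyEncrypted') {
    Write-Warning "Encryption incomplete: $($posture.EncryptedPercent)%."
}
if (-not $posture.PreBootPin) {
    Write-Warning 'No TPM+PIN protector: the volume unlocks without a pre-boot PIN.'
}
if ($posture.RecoveryKeyIdHint.Count -eq 0) {
    Write-Warning 'No recovery password protector found on this volume.'
}
```

The script prints only key protector IDs, never the recovery password itself, so its output is safe to include in a help desk ticket.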

FileVault for Mac OS

Northwestern provides FileVault, a free tool to natively encrypt the information on an Apple Mac OS X computer so that unauthorized users, apps, or utilities can’t access your information. Northwestern uses JAMF Casper to centrally back up the FileVault Recovery Key and provide machine reporting.

The initial encryption of your computer may take several hours. Encryption occurs in the background as you use your Mac, and only while your Mac is awake and plugged in to AC power. Any new files that you create are automatically encrypted as they are saved to your startup disk.

When FileVault setup is complete and you restart your Mac, you will use your account or NetID password to unlock your disk and allow your Mac to finish starting up. FileVault requires that you log in every time your Mac starts up, wakes from sleep, or leaves the screen saver. No account is permitted to log in automatically.