Ohjeet - Encrypting university data when using your personal devices

In accordance with the university's policy, personal devices may be used for work purposes only if necessary. When handling confidential or personal information, the university's confidentiality guidelines must be taken into account. When using your personal devices for work, you must encrypt the information and create a separate work profile on the device. Following these instructions will ensure that your device is encrypted, and thus the highest protection category for information that can be processed on your own devices is confidential/protected. Information classified as secret should not be processed locally on your own devices at all.

Windows:

If you are processing confidential information on your personal devices, you should encrypt the data. The university recommends either Bitlocker for disk encryption (if you are using Windows Pro) or Cryptomator for individual directory encryption. To enable Bitlocker, log in to the administrator account on your Windows device. Select Settings > Privacy & Security > Bitlocker Drive Encryption:

Select the drive on your device that you want to encrypt. Then select "Enable Bitlocker" and follow the installation instructions. Remember to collect your Bitlocker recovery key and keep it in a safe place.

If your device does not have Bitlocker, use Cryptomator for encryption, instructions can be found here. If encryption is not used, only public data processing is allowed on the device.

Mac:

If you handle sensitive information on your device, you should enable FileVault. Select System Preferences from the menu, then Privacy & Security. Check that FileVault is turned on.

If encryption is not used, only public data processing is permitted on the device.

Linux:

If confidential information is processed on the devices, the information must be encrypted. The university recommends Cryptomator for encrypting directories. If encryption is not used, only public data processing is allowed on the device.

Android:

Encryption options must be checked on a device-by-device basis. For example, on Samsung devices, the Knox service encrypts the device by default. If encryption is not used, only public data processing is allowed on the device.

iOS:

Make sure that Data Protection is enabled on the device, which encrypts the data. If encryption is not used, only public data processing is allowed.