About Encryption at CUIMC


Encryption is typically required on computers, smartphones, USB keys, etc. used at CUIMC, whether they were purchased by a department or are personally owned.  Encryption requirements support Columbia University Information Technology policies and the CUIMC Information Security Procedures.

For a general overview of encryption and how it works see What is Encryption?

Endpoint and Removable Media Procedures

Endpoints refer to computers and mobile devices, while removable media encompasses USB keys, discs, external drives and more.  CUIMC's Endpoint Procedures include requirements for workforce or managed endpoints, personally owned ones, and removable media.  While Certified IT Groups will generally set up encryption on endpoints, anyone using the endpoint or media are responsible for making sure encryption is working as required and keeping any data adequately protected.

CUIMC Approved Encryption

Computers (including personally owned) that store or access sensitive data must use approved encryption methods:

Before Using Any Encryption Program

The purpose of any encryption software is to make data unreadable if proper authentication is not provided. Issues including permanent loss of data can occur if you do not adequately prepare your computer or device and data before installing or beginning to use encryption.

  1. Verify that the software is compatible with your computer's hardware and existing software.
  2. Review the program's installation and help documents to understand how you will be using it.
  3. Backup your existing data and files and follow any CUIMC requirements for storage and encryption of backups. For most faculty and staff, CUIMC IT managed network drives and OneDrive for Business are the easiest ways to do this.

It is also important that you do not forget or lose any password you set in an encryption program. Doing so may mean that you can no longer access the files; many programs do not provide a backup method to decrypt data without the password.