CUMC Home | Columbia University | Jobs at CUMC | Contact CUMC | Find People
     
Columbia University Medical Center logo,  Columbia University Medical Center Information Technology
For support: call extension 5-Help (212-305-4357) or email us
 
 
Encryption
 

USB Drive Swap Program

To minimize the risk associated with unencrypted USB flash drives, CUMC IT will provide a free hardware encrypted drive to CUMC faculty and staff in exchange for any unencrypted USB key(s). The hardware encrypted drive is a Kingston 8GB DataTraveler Locker+ G2 that is compatible with both Windows and Macintosh computers.

To receive a free drive:

  1. Backup any needed files and folders that are stored on the USB key(s) you will be exchanging.
    Keep in mind that confidential or sensitive data in any backup can only be stored on properly encrypted media. If you have access to a CUMC IT network drive the files are automatically encrypted.
  2. Delete your files from the unencrypted USB key after verifying that the backed up data was saved correctly.
  3. Bring the key(s) into the Service Desk on the 2nd floor of the Hammer building, above the Library, to exchange for a free hardware encrypted 8GB Kingston DataTraveler Locker+ G2 USB flash drive.
    NOTE: Only one drive can be given to each individual, regardless of how many unencrypted drives are brought in. We are offering proper disposal of additional unencrypted flash drives to help CUMC comply with federal, state and institutional requirements protecting confidential and sensitive information.

Obtaining Additional Hardware Encrypted Drives
If you or your department needs additional drives, they can be purchased at a discount via Columbia Purchasing's preferred vendors. Select a link on the Purchasing Department's Computer Equipment page for GovConnection or CDW-G, your UNI login will be required. Additional models of USB flash drives that can be used at CUMC are listed on the Approved Encryption page.

Symantec Endpoint Encryption of Connected USB Drives
For convenience Symantec Endpoint Encryption (SEE) software and its older version called GuardianEdge (GE) will no longer automatically encrypt USB drives that are plugged in to a computer running SEE or GE. To ensure that you are complying with data use and encryption requirements, please be sure to use hardware encrypted drives or individual file and folder encryption.

IMPORTANT: Computers running GuardianEdge (the previous version of Symantec Endpoint Encryption) may have older settings that cause GE to automatically encrypt any connected USB drive. The drive would then require a password for both hardware and software encryption.
Preventing or Resolving Double-Encryption on a Drive
If your computer has GuardianEdge installed and it hasn't been used on campus recently, or if you would just like to make sure it received the current settings, please click here for instructions on how to manually update GE so automatic software encryption of USB drives will not occur.

Using the Kingston 8GB DataTraveler Locker+ G2 Flash Drive

The hardware encrypted Kingston DataTraveler drive will prompt you to set up a strong password when you first connect it to a computer. This password will be then required whenever you connect the drive to a computer.

If the correct password is not entered after 10 attempts in a row (even if you plug and unplug the drive on any computer), the drive will automatically reformat and permanently delete all data. Be sure to select something that you will remember, and do not give this password to others in accordance with CUMC policies. If you must share an encrypted file use another method such as software encryption via SEE or via email to use a password you can share.

Setting Up Your Kingston 8GB DataTraveler Locker+ G2 Drive
  1. Connect the DataTraveler drive to a USB port on your computer. Kingston recommends that the drive is connect to a port directly on a computer itself rather than a peripheral (keyboard, USB hub) to provide adequate power.
  2. Windows computers will see an AutoPlay window appear. Double-click Run DTLplus_Launcher.exe.

    DataTraveler Drive AutoPlay

    If you do not see AutoPlay or are on a Macintosh computer, browse to the drive to initiate setup. Windows users should double-click the DTLplus_Launcher; Macintosh users should select the Mac folder on the mounted DTL+ G2 drive, then DTLplus_Laucher.
  3. The DataTraveler Device Initialization window will appear. Make sure your preferred language is selected and click the Next button in the lower right.
  4. In the License Agreement window, make sure Accept is selected and click the Next button in the lower right.

    DataTraveler License Agreement

  5. Type your desired strong password for the USB drive in both the Password and Password Confirmation fields.
    • As stated in the Password window, it must be between 6 and 16 characters and contain at least 3 of the following: upper case letters, lower case letters, digits and special characters.
    • Do not forget the password you select. If you forget it in the future, the drive will re-format itself and destroy all data on it after 10 consecutive bad attempts.

    DataTraveler Password Setup

  6. If desired, type a word or short phrase that will help you remember the password in the Hint field. It cannot be an exact match to the password.
  7. Click the Next button in the lower right.
  8. Type in your name, company and any desired details in the appropriate fields of the Contact Information window. The fields cannot contain the password selected in step 5.
  9. The drive will take a few moment to format and will display Format Complete when done. Click the OK button in the lower right.
Your DataTraveler USB drive is now ready for use.

Be sure to follow instructions below to safely eject the drive before you physically remove it from the computer; data corruption can occur if it is not properly shut down first.

Using the DataTraveler Hardware Encrypted USB Drive

  1. Connect your drive to a USB port on the computer. Kingston recommends using a port directly on a computer itself rather than a peripheral (keyboard, USB hub) to provide adequate power.
  2. Windows computers will see an AutoPlay window appear. Double-click Run DTLplus_Launcher.exe.

    DataTraveler Drive AutoPlay

    If you do not see AutoPlay or are on a Macintosh computer, browse to the drive to initiate setup. Windows users should double-click the DTLplus_Launcher; Macintosh users should select the Mac folder on the mounted DTL+ G2 drive, then DTLplus_Laucher.
  3. Type in your password and click Login in the lower right to access the drive.

    DataTraveler Login

    • Links below the Password field allow you to:
      • Show Password Hint - any hint you entered when first setting up your password
      • Reset Your Password - you will need to know the current password
      • View Contact Information - entered when first setting up the drive
    • IMPORTANT: Failed Password Attempts and Drive Locking/Reformatting
      • If you enter the Password incorrectly a warning that you have Failed to Login will appear in red.
      • For security, the drive allows only 10 consecutive incorrect attempts (whether you unplug and plug in the drive on any computer) before it will lock. After 7 incorrect attempts the warning will list the number of attempts that are left.
      • Once it has locked it can only be used if you allow it to reformat and permanently erase all data stored on the drive.
  4. After successful login to the drive, you will see the DTplus_Launcher icon and can open, modify, copy, delete and save files on it as normal. IMPORTANT: Be sure to properly close and eject the drive according to instructions below before physically removing it.
    • Windows computers will show the drive icon in the lower right corner of the computer screen, by the time/date display. If you don't see it click the up triangle to reveal more icons in this area.

      DTLocker_Launch icon on Windows

    • Macintosh computers will show the icon in the dock, and a DTLplus drive mounted in your Finder window. To access files on the drive from the Mac's Finder, be sure to select the mounted drive icon rather than the disc icon.

      DTL Icon in Macintosh Dock Mounted DTL Drive in a Macitosh Finder Window
      DTL icon in the Dock Mounted in the Finder window

  5. Additional drive settings such as changing the password or contact information can be found by opening DTLocker+ Settings:
    • Windows - click the DTLplus_Launcher icon in the lower right corner of the screen (you may need to select the up arrow first), then the link to DTLocker+ Settings.
    • Macintosh - hold down the control key on your keyboard while clicking on the DTL icon, then select DTLplus Settings.
    • DTL Settings Link in Windows DTL Settings Link in Macintosh
      DataTraveler Settings Link in Windows DataTraveler Settings Link in Macintosh
Ejecting the DataTraveler Drive
Always use the DTL program to safely eject the drive before physically unplugging it. If not, files stored on the drive may become corrupted.
  1. Be sure to close any files that have been opened directly from your DataTraveler drive.
  2. Open the DTLPlus_Launcher device options as indicated above (click on the icon in the lower right of a Windows computer, or control-click the icon in the dock of a Macintosh)
  3. Select Shut down DTL from the list that appears.
    • If using a Windows computer, click the OK button if asked Are you sure you want to shut down DTLocker+?
    • No confirmation will appear on Macintosh, the icon in the dock will no longer appear active, and the drive will no longer be mounted.
  4. Once the DTL program has closed you can physically unplug the DataTraveler drive.

| TOP |

Last updated 10/22/2014