Due to their size and mobility, laptops are easy to lose and easy to steal. It is everyone’s responsibility to protect and secure data stored on these devices from unauthorized or unintentional data exposure. By encrypting all university-owned laptops, Texas State is adopting an industry best practice that lessens the risk of data exposure without the need to determine if confidential information was present on a missing laptop. In other words, if we can prove that the data was encrypted, we can be sure that the data does not get into the wrong hands. Furthermore, we can remotely remove the data from the device as well.
In a 2010 study, 46 percent of lost laptops contained confidential data, only 30 percent of those systems were encrypted, and only 10 percent had other anti-theft technologies. The Billion Dollar Lost Laptop Study (PDF), Ponemon Institute and Intel Corp. According to the FBI and the insurance institutes, laptop computers are the number one theft item in the United States with approximately 1,800 stolen per day across the country.
The Texas State Laptop Encryption Program will also address State of Texas mandates found in the Texas Administrative Code, Title 1, Part 10, Chapter 202, Subchapter C, Rule §202.75 and UPPS 04.01.01: Security of Texas State Information Resources.
Reduce the risk of university confidential data exposure through stolen or lost equipment. Implement a cross-platform, full-disk encryption solution that meets industry and State of Texas Administrative Code (TAC 202) standards.
McAfee Endpoint Encryption Software
All new computer replacement program (CRP) laptops will be encrypted prior to delivery.
Anyone who purchases a department-funded laptop must contact ITAC to have the laptop encrypted. Where applicable, ITAC will involve the department’s technical support person (TSP) to aid in software installation, encryption set up, and end-user registration.
In an effort to encrypt as many laptops as possible, ITAC will undergo the below initial laptop encryption effort:
After the first round of laptop encryption is complete, it will be the responsibility of the laptop owner and the department inventory account manager to ensure that all laptops are encrypted and stay encrypted.
Any new laptop that gets added to an inventory list must have encryption on it to protect university and personal data. If a laptop is reimaged or has a new operating system installed, someone from your department must contact ITAC to encrypt the device. See the encryption options below.
Approximate turnaround time: 3 business days
Advantage of Choosing Option #1:
Allowing ITAC to fully provide this encryption service will ensure that your data is backed up, that encryption is installed and fully operational, and that you fully understand how encryption works on your laptop. There is no charge for this service.
Approximate turnaround time: Same business day
Advantage of Choosing Option #2:
Allowing ITAC to begin this encryption service for you will ensure that your data is backed up, that encryption software is installed, and that the encryption process has begun. There is no charge for this service.
Disadvantage of Choosing Option #2:
You will be responsible for ensuring that the encryption process completes, that the device is actively encrypting, obtaining a Device Encryption security label, and that you set up your account and understand how the process works.
Approximate turnaround time: Same business day
Advantage of Choosing Option #3:
Encryption can be installed remotely, so you do not need to leave your laptop with ITAC for any period of time.
Disadvantage of Choosing Option #3:
You are responsible for backing up and restoring your own data on the laptop. You are also responsible for ensuring that the encryption process completes, that the device is actively encrypting, obtaining a Device Encryption security label, and that you set up your account and understand how the process works.
|15 Minute Timeout||Laptop screens will lock after 15 minutes of inactivity (e.g., no keyboard or mouse clicks). To unlock the screen, enter your password.||Laptops are only protected when locked. If a laptop is unlocked and inactive, the data is unprotected, vulnerable, and in an unencrypted state.|
|Previous user’s NetID does not display on the login screen||People cannot see the NetID or name of anyone who has previously logged into that device.||This prevents a malicious user from trying to login as the previous user.|
|Encrypted laptops must be powered on (not hibernating or sleeping) and connected to the Internet for at least 90 consecutive minutes every 30 days.||This setting ensures the encrypted laptop is checking in at Texas State to verify that it is in fact encrypted. If a laptop fails to check in, it will be locked and will require you to contact ITAC for unlock assistance.||If a laptop is lost or stolen, our encryption management software will be able to validate the encryption state. This is a critical feature for determining the next steps to take to protect the data.|