When a document is encrypted, the content within it is encoded. This ensures that only the intended recipients can view its contents, assuring them that the information is genuine.
Encryption also guarantees that sensitive and confidential information does not end up in the wrong hands as it limits unauthorised access.
This method is therefore ideal when sending documentation that contains:
- any information that can be used to identify you (i.e., personally identifiable information). This includes your identity number, name, financial information, tax number, contact details, address, medical information, biometrics, gender, race, marital status, employment and academic history, usernames and passwords
- any information about an individual's or entity's finances
- contracts and agreements
- tender documentation
- authorised systems
- research proposals and data collection
- intellectual property
- minutes and agendas for some meetings
- internal audit reports
- course evaluations
- tests
- patient files
Once a document has been encrypted, it can only be viewed by individuals who have been given an encryption key (i.e., a password). To avoid any risk of the document being intercepted, we recommend using a complex and secure password. Two different methods should be used to send the encrypted documents and the encryption key. For example, send encrypted documents via email, and the password via an SMS or secure instant messaging platform.
Recommended encryption tool
Some of the tools that are already used at UCT, including Adobe Acrobat and Microsoft Purview, offer encryption functionality. An alternative option, which is used and endorsed by the UCT Computer Security Incident Response Team (CSIRT), is AES Crypt.
This tool uses Advanced Encryption Standard (AES 256) and has been endorsed by the National Institute of Standards and Technology (NIST).
The tool can be installed and used on any supported Windows, macOS, or Linux device.
- Navigate to https://www.aescrypt.com/download/ and download the file for your specific operating system.
- Open the folder where the downloaded file is saved and follow the prompts.
Should you experience any issues, please follow the instructions for your applicable operating system.
Encrypt a file
Part one: create a zip file
- Navigate to the folder where the files that need to be encrypted are saved and highlight them.
- Right-click and click Compress to zip file (Windows) or Compress (macOS).
Part two: encrypt the file using AES Crypt
- Navigate to the folder where the zip file is saved and right click on it.
- Select AES Crypt from the menu.
- Enter a complex password twice in the dialogue box that appears and click OK or Continue.
  - The password must be secure and contain at least 16 characters.
  - Never use a password you’ve used before.
- The encrypted file is saved in the same folder and has the same name as the original file, with an .aes extension added.
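The two parts above can also be scripted. The following is an added example, not UCT or AES Crypt code: it assumes the AES Crypt command-line program is installed and on the PATH as aescrypt, and the function names are hypothetical. It generates a fresh random password (so it is never a reused one) and lets aescrypt prompt for it rather than passing it as a command-line argument.

```python
import secrets
import shutil
import string
import subprocess
import zipfile
from pathlib import Path

MIN_LENGTH = 16  # minimum password length given in the steps above
ALPHABET = string.ascii_letters + string.digits + "!#%+-=?@_"


def generate_password(length: int = 24) -> str:
    """Return a random password containing lower, upper, digit and symbol."""
    if length < MIN_LENGTH:
        raise ValueError(f"password must be at least {MIN_LENGTH} characters")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(not c.isalnum() for c in pw)):
            return pw


def make_zip(files, zip_path) -> Path:
    """Part one: bundle the selected files into a single zip archive."""
    zip_path = Path(zip_path)
    with zipfile.ZipFile(zip_path, "w", zipfile.ZIP_DEFLATED) as zf:
        for f in map(Path, files):
            zf.write(f, arcname=f.name)  # store the file name only, not the full path
    return zip_path


def encrypt_with_aescrypt(zip_path) -> Path:
    """Part two: run aescrypt, which prompts for the password itself."""
    exe = shutil.which("aescrypt")  # assumption: CLI installed under this name
    if exe is None:
        raise FileNotFoundError("aescrypt command-line tool not found on PATH")
    # No -p option: the password is typed at the prompt, so it does not
    # appear in the process arguments or in shell history.
    subprocess.run([exe, "-e", str(zip_path)], check=True)
    return Path(str(zip_path) + ".aes")


if __name__ == "__main__":
    # Constructed sample input: a placeholder file in the current folder.
    Path("sample.txt").write_text("constructed sample content\n")
    archive = make_zip(["sample.txt"], "bundle.zip")
    print("Password to enter at the prompt:", generate_password())
    print("Encrypted file:", encrypt_with_aescrypt(archive))
```

The unencrypted sample.txt and bundle.zip remain in the folder after encryption and still need to be stored or deleted with care.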
Decrypt a file
Only individuals who have received the encryption key will be able to access the file.
- Save the file in a secure location and open it.
- Alternatively, right-click the file and click AES Decrypt.
- Enter the password that has been sent to you, when prompted, and click OK or Continue.
- The decrypted file is saved as a separate file but will no longer contain the .aes extension.
Options for sharing encrypted files
We recommend using one of the following methods to share encrypted files:
- FileSender for large files
- Microsoft Purview for files that are smaller than 20GB
Always remember to use a different method to share the password for the encrypted file.
Manage sensitive and confidential information
Store files that contain confidential information in a secure location that only you and authorised individuals have access to. Original files that do not have the security measures that come with encryption are still at risk of being accessed by unauthorised individuals. It is therefore important that you carefully consider where you store such files and who can access them.
Unauthorised access to a file or folder
Should you accidentally share sensitive and confidential information with unauthorised individuals, you must immediately inform the UCT Computer Security Incident and Response Team, as per the UCT Password policy. The same applies when your UCT username and password are compromised. Send an email to uctcsirt@uct.ac.za and the UCT CSIRT will be in contact with you to provide the necessary support and assistance.
Unintentional exposure to confidential and sensitive information could be damaging for UCT and must be reported to ensure that swift action is taken to protect UCT’s digital assets.