Information Security


Operating System Encryption on Desktops and Laptops

All staff desktop@UCL hard drives (laptops and desktops) should be encrypted using BitLocker Drive Encryption technology. Furthermore, any loaned or personal devices (BYOD) which will be connected to the UCL network or used to conduct UCL business activities are to be encrypted before use. Bitlocker encryption is good enough to meet GDPR requirements as long as the devices are always locked when unattended. If a device with Bitlocker enabled, is left unlocked, anyone with access to it can view data stored on the device. ISG strongly recommend that users do not set their devices to the sleep mode as it does not completely lock the device.

What is BitLocker?

BitLocker is Microsoft’s easy-to-use, proprietary encryption program for Windows that can encrypt your entire drive as well as help protect against unauthorized changes to your system such as firmware-level malware.

BitLocker is available to anyone who has a machine running Windows Vista or 7 Ultimate, Windows Vista or 7 Enterprise, Windows 8.1 Pro, Windows 8.1 Enterprise, or Windows 10 Pro. The Bitlocker enterprise edition is available to all desktop@ucl and laptops.

How do I enable Bitlocker on a windows machine?

To enable BitLocker encryption on windows desktops and laptops, simply follow these steps:

Select [Start Menu]

Type "Bitlocker" into the search box

Select [Bitlocker Drive Encryption]

Click on [Turn on Bitlocker]


1. Open Windows' Control Panel, type BitLocker into the search box in the upper-right corner, and press Enter.

2. Next, click Manage BitLocker, and on the next screen click “Turn on BitLocker”.

3. Now BitLocker will check your PC’s configuration to make sure your device supports Microsoft’s encryption method.

How do I enable Bitlocker encryption for Windows 10?

For Windows 10 build 1511 or later, there are options to choose your encryption mode: new or compatible. If you’re encrypting your on-board storage drive, then choose new. The compatible mode is mostly for removable drives that will be used with older versions of Windows that do not have the “new” encryption mode. 

Click on the box next to Run BitLocker system check so that Windows will run a system check before encrypting your drive.

Once the box is checked, click Continue... and nothing happen

Select [Start Menu]

Type "Bitlocker" into the search box

Select [Bitlocker Drive Encryption]

Click on [Turn on Bitlocker]

How do I check the Bitlocker status it has been enabled?

Using the BitLocker Drive Encryption application to check Bitlocker status.

 You can check the BitLocker status of a machine using the BitLocker Drive Encryption application, which is in Control Panel

The BitLocker Drive Encryption application displays the status of the drives attached to the system e.g. C: is encrypted, E: is not encrypted, F: is in the process of encrypting.

How do I enable encryption on a Mac?

The new Mac computers with T2 security chip have a built in encryption of your Home folder.  There is also an option of using the Disk Utility tool to create an encrypted disk image to store encrypted files. In addition users are advised to turn on FileVault for additional security which requires a password to decrypt data.

How do I turn on FileVault?

You can turn on FileVault by following the instructions on this link: https://support.apple.com/en-gb/HT208344

Encryption For Linux 

Full disk encryption on Linux depends on which Linux distribution you are using, see the links below for instructions for some popular Linux distributions: