it.ucsf.edu

Whole Disk Encryption Best Practices

Sarah Mays's picture
  • Determine whether your target disk is supported. PGP WDE feature protects desktop or laptop disks (either partitions, or the entire disk), external disks, and USB flash disks. 
  • Back up the disk before you encrypt it. Before you encrypt your disk, be sure to back it up so that you won’t lose any data if your laptop or computer is lost, stolen, or you are unable to decrypt the disk.
  • Ensure the health of the disk before you encrypt it. If PGP WDE encounters disk errors during encryption, it will pause encryption so you can repair the disk errors. However, it is more efficient to repair errors before you initiate encryption. For more information, see Ensure Disk Health Before Encryption in Symantec's (PGP) Quick Start WDE Guide
    • Windows:
      • Run Check Disk on all internal hard drives
        • Open My Computer
        • Right click on the hard drive icon select properties
        • Click tools tab
        • Click on Check Now button
        • Check both boxes and click Start
        • Click yes to run check disk at next reboot
        • Restart Computer and verify that check disk ran successfully
      • Highly fragmented disks should be defragmented before you attempt to encrypt them.
    • Mac OS X
  • System meets UCSF’s minimum security standards
  • Be certain that you will have AC power for the duration of the encryption process.