Encrypt a physical external drive
Introduction
To remain compliant with the University of Alberta’s (UofA) Encryption Procedure, sensitive information stored on devices where there is risk for unauthorized access and disclosure (in this case, external hard drives) should be protected via encryption.
KBA Objective:
This article provides a method for users to encrypt their external backup drives, typically for backups of University devices
Applicability
Target Audience:
Anyone who needs to encrypt their external drive
Non-applicable:
Refer to KBA – Encrypt a MacOS device for MacOS encryption
Refer to KBA – Encrypt a Windows device for Windows encryption
Refer to KBA – FAQs about Backup data and servers for backing up data before encryption
Procedure
Basic Information
Standard Process
1.0 Windows: Encrypt Drive
2.0 MacOS: Encrypt New Drives
2.1 MacOS: Encrypt Used Drives
Related Knowledge
Basic Information
Encryption helps protect your files/folders by converting the data into code and protecting the data from unauthorized access.
External drives are protected by passwords that are made by the user. A suggestion for these passwords can be: -
For example: if the UofA Tag on the system is 123456, the CCID is djy, and this is the first backup drive then the password could be 123456djy-1.
If there is a second backup drive then the password could be 123456djy-2 and so on.
Standard Process
1.0 Windows: Encrypt Drive
These instructions explain how to encrypt external drives on Windows computers:
Plug the external disk drive into your computer (typically through USB).
Open File Explorer and go to the This PCon the left navigation pane.
In Windows 10, Right-click the specific drive and click Turn on BitLocker.
In Windows 11, you will need to click Show more options before clicking Turn on BitLocker.
The following window will show up
Check the Use a password to unlock this drive box, then enter a password for the drive using the method listed above and click Next.
Make sure to keep this password safe and write it down or save it somewhere on your computer that you will never lose.
Select the encryption option that you prefer, then click Next.
Select Compatible mode for external drives, then click Next.
Click Start encrypting and wait until the encryption is done at 100%.
2.0 MacOS: Encrypt New Drives
These instructions explain how to encrypt an empty new external drive on MacOS computers:
Plug the external disk drive into your computer (typically through USB).
Open Disk Utility.
Click the View menu at the top, then Show All Devices.
Click the specific external drive.
Click the Erase button in the toolbar.
Enter a name for the disk (probably easiest to just give it the same name as before).
In the Scheme pop-up menu pick GUID Partition Map.
In the Format pop-up menu pick APFS (Encrypted).
Enter the password as defined above, then click Choose.
Click Erase, then Done.
2.1 MacOS: Encrypt Used Drives
These instructions explain how to encrypt an existing external drive on MacOS computers (if the drive is already formatted as APFS):
Plug the external disk drive into your computer (typically through USB).
Go to your Desktop and right-click the drive and click Encrypt ""... Note: Viewing external disks needs to be enabled in Finder preferences.
Enter a password based on the method above and add a hint if required.
Make sure you write/save the password somewhere safe and accessible for future use.
Click Encrypt Disk.
Note: If this disk is used for Time Machine backups you can view the encryption progress in the Time Machine panel of System Preferences.
If not, then you can see the status of the conversion process by opening Terminal and typing: diskutil cs list | grep -e "Conversion" -e ""
It will encrypt the entire drive regardless of what data is on there, so for larger/slower drives this will take a very long time.
Related Knowledge
Encrypt a MacOS device
Encrypt a Windows device
Frequently Asked Questions about Backup data and servers
Back to Top