Information Security Resources

• If you use a University-owned Windows Entra managed computer, operating system patches will be installed automatically.
• You may be required to restart your computer after patches (updates) are applied.
• Additionally, M365, Adobe Flash & Reader, Firefox, Java, Sophos, and Entra updates are applied automatically.
• Your system will be checked for certain software packages and versions.
• If any of the automatic updates have failed or have not been applied, you will receive a notification of the software packages, which have become outdated. The notification will instruct you to contact the IS Service Desk to arrange to have the software updated.

• Computers which are not University-owned Entra managed or are personally owned should be updated regularly.
• To configure automatic updating for platform, please reference info in the following dropdowns that pertains to your operating system.

To update the applications and operating system on a Mac computer, see How to get software updates for your Mac from Apple. 

It is recommended to enable automate updates. Under "Apple Menu", click "System Preferences". Go to the App Store Panel and check all options, including:

• Automatically check for updates.
• Download newly available updates in the background.
• Install app updates.
• Install OS X updates.
• Install system data files and security updates.

Windows Update is the best way to keep Windows updated with the latest security fixes, feature improvements, and other patches.

• To ensure you are receiving updates from Windows Update, it is recommended, you turn automatic updates on within your operating system.

• If you have Windows 10, you will receive Microsoft patches automatically. 

Note: Support for Windows 8 ended January 12, 2016, and support for Windows 8.1 ended January 10, 2023.

1. Click "Settings", then "Change PC settings", and then click on "Update and recovery."
2. Select "Choose how updates get installed."
3. Under "Important updates", choose "Install Updates Automatically" (recommended).
4. Under "Recommended updates", select the "Give me recommended updates the same way I receive important updates" check box, and then click "Apply".

• Windows Updates typically only cover Microsoft products.
• You should also consider updating third party software, which includes any applications installed on top of the operating system.
• Adobe products, browsers such as Firefox or Chrome, and most other applications will require software updates. Often, the software can be configured to automatically update or prompt for updates.
• It is recommended to enable automatic updates for any software on your computer that supports it.
• Alternatively, you can visit the software vendor’s website to see if a more current version is available.
• If you have many software installations on your computer, checking for updates for each may be time consuming.
• There is a tool to automate this process called Secunia Personal Software Inspector (PSI). Secunia PSI is a utility which helps keep your software up-to-date. It does so by scanning your PC, providing information about out-of-date programs on your computer, and streamlines the installation of software updates. PSI is limited to Windows platforms, and is intended to be used with personal computers or computers which are not centrally managed.
• The Secunia PSI can be downloaded from https://secunia.com/vulnerability_scanning/personal/download/

1. It is vital you do not transmit the encryption password via the same method as the encrypted data.
   • You should use another method to provide the password to the recipient. For example, if you are sending an encrypted file via email, you can send the password in a paper-based letter, or tell it to the recipient on the phone.
2. Do not lose your password (encryption key).
   • If you do lose your password, the files encrypted will not be accessible any longer. 

• Versions prior to M365 only used very weak encryption which can easily be bypassed and should not be used.
• Microsoft provides guidance on protecting Office files. This guidance includes instructions on encryption under the sections "Encrypt with Password."
• Microsoft Protect your Documents Info

Encrypted PDF files can be read with most PDF readers, including Adobe Reader. Below are various methods for creating a PDF protected by a password.

1. Create your document or open an existing PDF document using Word.
2. From the File menu select 'Save As'
3. Browse to a location to save the document.
4. Select PDF (*.pdf) as the document type and click the 'Options...' button.
5. In the PDF options section check the Encrypt the document with a password option.
6. You will be prompted to type in the password twice and then click OK.

Adobe

• Adobe Acrobat 2017, 2018, Adobe Acrobat DC

Nuance

Nuance Power PDF is the supported PDF tool at the University of Regina.  Nuance provides guidance on how to create an "Open password " so that the document can not be viewed without the password:

• Nuance Power PDF 

Pdftk

• Pdftk Server

• On most managed computers, zip files can be created and read with the software 7-Zip.
• The program can be should already be installed on managed systems. 

• 7-Zip

To create an encrypted zip file with 7-Zip:

1. Start 7-Zip, and in the main screen, select the file that you wish to encrypt
2. Click the Add button. This will open the Add to Archive window
3. Set Archive format to zip
4. Set Encryption method to AES-256
5. Enter a strong password (See, choosing a strong password)
6. Click OK

• iZip

To create an encrypted zip file with iZip:

1. Start iZip and click New
2. Click Specify name
3. In the Save As field, enter the name you want to give the encrypted zip file, select the location you want to save it in the Where field, then click Create
4. When asked about password protection, tick Enable password protection and enter a strong password (See choosing a strong password)
5. When asked about using encryption, choose AES 256 bit
6. iZip will then ask you which files and folders you want to add to the encrypted zip file. When you have finished adding your files/folders, click Next
7. iZip will display a summary of the options you've selected, click Next and your encrypted zip file will be created.

• You can use p7zip (a Linux command line version of 7-Zip on Windows) to create encrypted zip files. You can install p7zip with the following terminal command: sudo apt-get install p7zip-full
• Once p7zip is installed, encrypted zip files can be created with the following terminal command:
  • 7za a -y -tzip -p -mem=AES256 archivename.zip /path/to/filestoencrypt
  • You will be prompted to enter a password for your encrypted zip file, which will then be saved to your current location in the terminal.
• You can see a list of all available commands and switches in p7zip with the following terminal command: 7za -h

File Encryption means providing security for files that reside on media, in a stored state, such as a hard drives, USB drive, SD Card, or any other type of digital storage medium.

• Encrypted files are usually stored locally and are encrypted and temporarily decrypted while being used and than encrypted again after the user is finished using them.
• File encryption should be used when full system or full disk encryption is not used.

Data Confidentiality

• Encrypting stored files prevents unauthorized users from reading, copying, or deleting encrypted files.  
• File encryption can help protect files and information that are stored at-rest on your system.
• Identity thieves can use information obtained from unencrypted files to commit fraud or steal information from your system, so it is important to protect your data.
• It ensures that if your computer or device is stolen, data stored in an encrypted format will be unavailable to unauthorized users.

VeraCrypt is encryption software which makes digital files unreadable except to people who have the passwords to open them.

• Faculty and Staff using devices that contain sensitive information, personally identifiable information, financial or research information, etc., should install VeraCrypt to protect their files while stored.

VeraCrypt uses the terms VeraCrypt file, VeraCrypt container, and VeraCrypt volume to describe the file used to store encrypted data. However, VeraCrypt container is used for the purpose of this article.

VeraCrypt Containers are a virtual disk encryption mechanism, wherein the process of encrypting a file called a container, which can hold many files and folders, and permitting access to the data within the container only after proper authentication is provided. Once authenticated, the virtual disk is mounted and accessible.

VeraCrypt is open-source and free of cost.

Note: however, VeraCrypt is not officially supported as per Policy OPS-080-015 Supported Hardware, Software, and Mobile Devices.

• Tools such as VeraCrypt can encrypt a single file or a file container.
• For the most up to date version for your computer see https://www.veracrypt.fr/en/Downloads.html
• For instructions on how to create a VeraCrypt container, as recommended, see: https://www.veracrypt.fr/en/Beginner%27s%20Tutorial.html
• Full documentation for VeraCrypt: https://www.veracrypt.fr/en/Documentation.html