Tech Tidbit – Endpoint Encryption Must Be Turned On – Everywhere

October 9th, 2023
Today's Tidbit should be quite simple once you get going. NIST requires data to be encrypted in transit and at rest.

You probably have a number of staff and techs whose laptops leave the district.

You must make sure that 100% of the Windows and Mac laptops that leave the district have a strong encryption framework in place. This really is true of all Windows and Mac devices on your network, but your biggest risk starts with the devices that leave the district.

Microsoft has BitLocker free on all Windows 10 endpoints. You simply have to turn it on. Please make sure it is on everywhere. SCCM has a free, optional console to easily manage BitLocker. Azure AD-joined devices have their BitLocker keys managed in the Azure Device Management console.
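One way to confirm that BitLocker is not just present but actually protecting each volume on an endpoint, as an added example that is not part of the original post. `Test-BitLockerCompliance` is a hypothetical helper name, the sample volumes are constructed, and treating a missing recovery password protector as a failure is an assumed policy.

```powershell
# Added example. Get-BitLockerVolume is the built-in BitLocker cmdlet (needs an
# elevated session). Test-BitLockerCompliance is a hypothetical helper name.
function Test-BitLockerCompliance {
    param(
        # Defaults to every volume on this machine; pass objects explicitly to test offline.
        [object[]]$Volume = (Get-BitLockerVolume)
    )
    foreach ($v in $Volume) {
        $protectors = @($v.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        $reasons = @()
        # Suspended BitLocker reports ProtectionStatus Off even though the disk is
        # still encrypted: the key sits on disk in the clear, so treat it as a failure.
        if ("$($v.ProtectionStatus)" -ne 'On') {
            $reasons += 'protection off or suspended'
        }
        if ("$($v.VolumeStatus)" -ne 'FullyEncrypted') {
            $reasons += "status $($v.VolumeStatus) at $($v.EncryptionPercentage)%"
        }
        # Assumed policy: a recovery password must exist so it can be escrowed.
        if ($protectors -notcontains 'RecoveryPassword') {
            $reasons += 'no recovery password protector'
        }
        [pscustomobject]@{
            Computer   = $env:COMPUTERNAME
            MountPoint = $v.MountPoint
            Protectors = $protectors -join ','
            Compliant  = ($reasons.Count -eq 0)
            Reasons    = $reasons -join '; '
        }
    }
}

# Constructed sample volumes (not real data), shaped like Get-BitLockerVolume output.
$tpm = [pscustomobject]@{ KeyProtectorType = 'Tpm' }
$rec = [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }
$sample = @(
    [pscustomobject]@{ MountPoint = 'C:'; ProtectionStatus = 'On'; VolumeStatus = 'FullyEncrypted'
                       EncryptionPercentage = 100; KeyProtector = @($tpm, $rec) }
    [pscustomobject]@{ MountPoint = 'D:'; ProtectionStatus = 'Off'; VolumeStatus = 'FullyEncrypted'
                       EncryptionPercentage = 100; KeyProtector = @($tpm, $rec) }
    [pscustomobject]@{ MountPoint = 'E:'; ProtectionStatus = 'Off'; VolumeStatus = 'FullyDecrypted'
                       EncryptionPercentage = 0; KeyProtector = @() }
)
Test-BitLockerCompliance -Volume $sample | Format-Table -AutoSize
```

On a real endpoint, calling `Test-BitLockerCompliance` with no arguments from an elevated session checks the machine's own volumes; in the sample, `D:` shows the suspended case that a simple "is it encrypted?" check would miss.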

For Macs, Apple provides FileVault. It should also be turned on.

Years ago, a laptop that had personally identifiable information on it went rogue from a local hospital. The hospital ended up buying identity protection services to protect their clients, just in case.

If BitLocker had been in place, that "data" would have been gibberish without credentials.

If you need help getting started with this, give us a call.

-Scott Quimby, CISSP