OIS Security Bytes: Encrypt Your Sensitive Office Documents

UNC’s Office of Information Systems will be posting bite-sized IT Security tips for our users (formerly Tip of the Month). As IT security concerns become more a part of our everyday lives, awareness is one of our best allies. For more information, contact your local IT Support or chat with us at help.med.unc.edu.

OIS Security Bytes: Encrypt Your Sensitive Office Documents click to enlarge Passphrase Protected!

Encrypt Your Sensitive Office Documents

 OIS Security has received several questions regarding encryption of Microsoft Office documents. As the new Office documents (Office 2007 and newer; .xlsx, .docx) use AES 128-bit encryption, they do meet acceptable encryption standards.

 1)   The amount of protection offered, however, is directly related to the length and complexity of the password you choose. In this instance in particular, you will want to think passphrase instead. We recommend a length of 15 characters, particularly when securing sensitive data (PII or PHI). Here is a link to Microsoft’s site with some suggestions: http://windows.microsoft.com/en-us/windows-vista/tips-for-creating-a-strong-password

 2)   It is equally important then to protect that password. Do not store it in the same place as the file (i.e. in the email the file is attached to or on the server where the file is stored). Many password managers offer space for securely storing passwords not related to specific user accounts.

 Below, please find a link that describes (clearly) how to encrypt Office documents.