Encryption of emails, files and documents
When is encryption necessary?
As a general rule, all information classified as confidential, special (sensitive) categories of personal information, national identity numbers and large amounts of personal information must always be encrypted. Sending and storage of such data shall take place in accordance with the storage guide. Familiarize yourself with how to send data securely (ansatt.oslomet.no).
Rules for encryption at OsloMet
The password for encrypted files and documents must always be sent in a different channel than the actual package (files and documents), for example by SMS or over the phone. The password for the package must not be used more than once. Use a password with at least 16 characters, in line with OsloMets password rules.
The data must be encrypted with an encryption algorithm with a strength equivalent to or better than AES/RSA.
Secure file sharing via email
Encryption of e-mail when sending internally at OsloMet
When sending emails internally at OsloMet (between oslomet.no addresses), you can use Outlook's built-in encryption function. It turns on automatically when you classify the email with Sensitivity: Confidential (see image below). Note that this only applies to sending internally at OsloMet - to addresses ending in @oslomet.no.
Encryption of e-mail when sending to external recipients outside OsloMet
Sending information that requires encryption to external email addresses must be done using other solutions, such as filesender.uninett.no or by encrypting files with 7-zip.
When should I encrypt files?
Upon storing and sending of data files with sensitive information in open places such as the Internet (email), memory sticks, memory cards, DVDs and the like.
Research data and other information containing sensitive personal data should always be encrypted when sent by email.
Contact IT Service Desk if it is inconvenient for you to encrypt files as separate attachments in the form of zip files, and you wish to rather directly encrypt the contents of the emails, for example upon longer email exchanges that deal with sensitive information.
Encryption using filesender.uninett.no
- Go to filesender.uninett.no
- Log in using FEIDE
- Choose "Get a link instead of sending to recipients"
- Optional: Set an expiration date for the file. Short expiration date reduces risk of abuse.
- Upload the file you want to send.
- Choose “File encryption”
- Set a password containing at least 16 characters (according to OsloMet's password rules).
- Click “Send”
- Copy the link when you are notified that the upload is complete.
- Go to Outlook, create an email. Paste the link and send it to the correct recipient address.
- Send the password you selected for the file in another secure channel to the same recipient. Use SMS or give the password orally by phone.
- Log out of filesender.uninett.no
Compression and encryption using 7-Zip
Download the programme 7-Zip
- OsloMet PC: Install the software from the Software Centre (Windows 10)
- Private PC: Download 7-Zip from Sourceforge.net.
1. Compress files
- Right-click the file you want to encrypt.
- Select 7-zip - in the left menu.
- Then select: Add to archive - in the right menu
2. Add to archive
Select the compression format: (see screenshot below): ZIP
3. Encryption method
Always select the encryption method: AES-256
- Create a secure password consisting of at least eight - 16 - characters.
- Use both uppercase and lowercase letters, numbers and special characters.
- NB! Never send your password as open text in an email. The password must be agreed upon with the recipient and should ideally be delivered in person, preferably orally, for example by phone. Be careful if you choose to send your password via SMS.
5. Complete compression and password protection
To complete compression and password protection of the file, click: OK.
6. Zip file with the same name
- You will get an archive file in the same folder with the “.zip”-ending.
- The ZIP file will be encrypted with the password you chose.
7. Open and test the encrypted ZIP file
- Check that the file can be opened using the password you chose.
- If the password opens the document, the ZIP file is encrypted and ready to be stored or sent via email.
8. How to extract the zip file
Some applications are zipped to make large files smaller for faster downloads. A Zip file must be unzipped on your computer before you can use the program.
- Guide on how to extract Zip files (microsoft.com)
- Video tutorial on how to zip/ unzip files (windows.com)
Tips for using 7-zip
If SMS is used to send the password, you should make the recipient aware that the message with the password should be deleted before, or immediately after the encrypted file is received. This is because SMS is often stored "openly" on the same mobile device as the recipient's email inbox.
The file name should not contain information about the content. The file names inside the compressed zip file are always visible.
One should not uncritically open encrypted files on machines that can be used by unauthorized people.
When opening files, a temporary copy will be made under a temporary area on the C disk. For example, this is the path to the temporary file area: C:\Users\<bruker>\AppData\Local\Temp\... 7-Zip will normally delete this, but the file has then been stored unencrypted on the local disk and can be recreated.