File Storage and Encryption

Staff and students at Heriot Watt university have access to high-resilience, secure file storage. All users have personal storage space - your home drive (H: drive).  Staff also have access to shared storage space e.g. S: drive - the shared areas are normally used for team/departmental files.

You should save your HWU files to your H: drive, a shared area e.g. S: drive or your HWU One Drive.

You should not save files on your Windows desktop or the C: drive as these are not backed up - and the files may be vulnerable to damage or loss from fire, theft, hardware faults or operator error.

If you do save files to the Windows desktop, C: drive, a personal device or removable storage device it is your responsibility to ensure that you have secure copies of any important files you choose to store there.

Student file store (Edinburgh, Malaysia and Orkney campuses)

The following information applies to both undergraduate and post graduate students.

H: drive (Home)

All students have a personal storage area on secure university servers – your H: drive.
The standard H: drive quota is 2 GB - additional storage is available on request.

Off-campus access to your H: drive is via the Virtual Private Network (VPN).

R: drive - Research data storage area

Research data should be stored on University-managed network drives, which are both secure and backed-up regularly.  A dedicated research data storage area is available for this data (the R: drive).  See Research data management\Data storage and security for more information.

OneDrive

All HWU students have access to their HWU OneDrive through Office 365. Your OneDrive gives you 1 TB of storage space in the cloud.

You can access OneDrive from the Office 365 Web App – click the button in the top left of the Office 365 window and you will see it displayed in the apps pane.

You can access your OneDrive from anywhere via the internet (go to Office 365).

See User guides & handouts - Software Guides for more information.

Personal devices, Pen drives, external hard drives etc

If you are storing your work on your personal devices and drives remember to keep them safe.

It is your responsibility to make sure that you have a copy of any important data stored on your personal devices, so that your data isn't lost even if your device is.

Staff file store (Edinburgh, Malaysia and Orkney campuses)

H: drive (Home)

All staff and teaching PG students have a personal storage area on secure university servers – your H: drive.  The standard H: drive quota is 10 GB - additional storage is available on request.

Off-campus access to your H: drive is via the Virtual Private Network (VPN).

R: drive - Research data storage area

Research data should be stored on University-managed network drives, which are both secure and backed-up regularly.  A dedicated research data storage area is available for this data (the R: drive).  See Research data management\Data storage and security for more information.

Shared drives

All staff have access to their school or service shared drives e.g. S: M: etc

Off-campus access to your shared drives is via the Virtual Private Network (VPN).

Dropbox Enterprise

Dropbox brings your files together, in one central place. They’re easy to find and safely synced across all of your devices – so you can access them any time, anywhere.

Dropbox Enterprise is primarily intended to be for researchers but it is also open to other use cases if any of the following applies:

  • you generate large volumes of data
  • you work with external partners on a regular basis
  • you work off-line but still need to make your data available to others (i.e field trips)
  • you need to share data externally

For more information see the guide to Heriot Watt Dropbox Business Team, or contact ishelp@hw.ac.uk 

SharePoint

Authorised staff can store information on the university intranet site - SharePoint.  SharePoint pages can be viewed by all HWU staff.  Non-HWU users can be given access to SharePoint on request i.e. for project work with and on-behalf of the university.  Please contact ishelp@hw.ac.uk if you are requesting access for non-HWU users.

Information that you want to make available to all staff in the university can be added to SharePoint e.g. policies, staff forms e.g. expenses claims, and system information and help e.g. iHR.

Each school and service has a SharePoint site. You can access SharePoint off-site without using the VPN.

OneDrive

All HWU staff with an Office 365 account have access to their own HWU OneDrive. Your OneDrive gives you 1 TB of storage space in the cloud.

You can access OneDrive from the Office 365 Web App – click the app launcher in the top left of the Office 365 window and you will see it displayed in the apps pane.

OneDrive is useful for current pieces of work – particularly files where you are collaborating with individuals or groups both within and out with the University.

You can access your OneDrive from anywhere via the internet (go to Office 365).

Never share or store confidential/business critical HWU information on private third party cloud services like Dropbox, YouSendit, personal (i.e.not University) OneDrive, ICloud, Google Drive.

Confidential/business critical data should be stored on secure University systems. Data stored on your HWU OneDrive is held in Europe to comply with privacy laws. Data stored in private cloud accounts may be held anywhere in the world - with no accountability if the company loses your data.

See User guides & handouts - Software Guides for more information.

Personal devices, Pen drives, external hard drives etc

Staff should not store HWU work files on personal devices and drives.

Removable media (USB devices)

The physical nature of removable media such as USB keys and portable hard drives, means that these can easily be misplaced or stolen, leading to a loss of availability or confidentiality of the stored files.

Recommended alternatives include

  • SharePoint
  • Secure shared areas (via VPN for off campus)
  • Microsoft OneDrive for Business

These options ensure that your files are kept safe as well as significantly reducing the risk of loss or theft.

If you do use removable media: -

  • Never save the master copy of your files on the device
  • If storing personal or confidential information, the USB key or hard drive should always be encrypted (see below)

Further guidelines on the classification of data in relation to removable media can be found at Confidential information on portable media

Please note

  • If you choose to make use of removable media and/or the encryption methods below, you do so at your own risk.
Encrypting Removable Media

Microsoft Windows

  • Use Bitlocker to Go (Control Panel\System and Security\BitLocker Drive Encryption)
  • Right click the icon for the removable media to encrypt and password protect it.
  • Save a copy of the Bitlocker Recovery Key text file to your H:\ drive (not the removable media!) so that you can remind yourself what the password is if you forget it.

Apple OS X

  • Right click on the icon for the removable media to encrypt and password protect it
  • You can add a password hint

Linux

  • Options for encrypting removable media are available for most popular, current distributions of Linux.
Encrypting your University PC or Laptop

If you are working with sensitive information or data on a portable device then the hard drive should always be encrypted. Drive encryption protects against loss or theft of the device and ensures that third parties cannot gain access to sensitive information stored on the hard drive.

All new PCs and laptops running the University Managed Desktop Service (Windows 10) will be encrypted as standard. If you are using an existing PC or laptop on the University Managed Desktop Service, you can easily turn on drive encryption yourself using the instructions below. Alternatively you can contact Information Services at ishelp@hw.ac.uk for assistance.

Please note that we cannot encrypt personally owned devices for you, and that you do so at your own risk.

University Managed Desktop Service (Windows 10)

  • Open Start | Control Panel | System and Security | Bitlocker Drive Encryption (or search for Bitlocker Drive Encryption from the Start menu search box)
  • Click on Turn on BitLocker
  • You may need to restart your machine to turn on the "TPM" hardware. Follow the instructions on screen to do so.
  • Once the drive is prepared you will be prompted to store your recovery key. You can choose any option, but we'd recommend saving the recovery key to a file on your H drive, with a name you'll understand (e.g. HWLAP0346recoverykey.txt) so that it is backed up and secure. You may also wish to keep a copy off campus in case of emergency, but it should be kept separate from the PC. This key is also stored by Information Services so we can usually recover it for you if needed.
  • You will then be prompted if you are ready to encrypt this drive. Run the Bitlocker system check (which will restart your PC again).
  • When you start up again, Bitlocker will start to encrypt your drive. This may take several hours depending on the state of your system. You can check this by going back into the Bitlocker Drive Encryption control panel. You can carry on working while this is happening.

Apple Mac

Guidance for encrypting your Mac hard drive is available on the Apple website at: https://support.apple.com/en-gb/HT204837

Linux

Options for encrypting Linux hard drive partitions and folders are available for most popular, current distributions of Linux. Please consult the guidance relating to your distribution.

Encrypting your mobile device or tablet

If you are working with sensitive information or data on your mobile device or tablet then the device should always be encrypted. Device encryption protects against loss or theft of the device and ensures that third parties cannot gain access to sensitive information stored on the device. All recent versions of Apple iOS and Android provide device encryption.

Apple iOS (iPhone and iPad)

The moment you set a passcode or enable Touch ID on the device running iOS 8 and above, the full device encryption is turned on automatically.

* Launch the Settings app on your iPhone or iPad.

* Select Touch ID & Passcode from the list of available options.

* Select Turn Passcode On and enter in a passcode of your choice. A longer alphanumeric passcode is recommended but a six-digit PIN code will do as well. Avoid four-digit PINs as your passcode. You can change this from Passcode Options in Set Passcode screen.

Now to confirm if encryption is enabled or not, select Settings > Touch ID & Passcode and then scroll to the bottom of the screen. You should see “Data protection is enabled”.

Android

On recent Android devices

* Select the Settings app, Security then Screen lock.

* Add a passcode for the lock screen. Avoid four-digit PINs as your passcode.

This instantly provides the device with a layer of security, and therefore enables encryption.

To confirm if encryption is enabled or not, select Settings > Security > Encryption > Encrypt phone. You should see “Encrypted”.

For older Android devices please consult the supplier guidance relating to your device.

C: drive

Do not store data on the HWU student or staff Desktop or the local C: drive.

These areas are not backed up and you will lose your data if the device is stolen, becomes faulty or if it is re-imaged.

Restore previous versions

If you accidentally delete a file from a network drive or share e.g. H:, R: or S: drive you may be able to recover an earlier version of the file using Restore Previous Versions.

  1. Go into Windows Explorer
  2. Right click on the folder/file you want to restore
  3. Left click on Restore Previous Versions