Sensitive information might need to be sent as an email attachment or stored securely on portable data storage devices, such as USB sticks. There is usually no way of ensuring that the entire path from the sender to the recipient is safe and free from prying onlookers who could intercept the attachment or device and make their own copy.

One way of ensuring that only the sender and recipient can access the file is to encrypt it, and pass the special key over the phone or as printed paper. It is critically important that the key is not sent by email, as then the prying onlookers would have both the file and the means to unlock it.

There are several methods available to encrypt a file. IT Services recommends the use of 7-Zip (Windows) and iZip (Macintosh) software to convert the file into an encrypted ZIP file using the AES-256 encryption method.

It is of utmost importance that the AES-256 encryption method is used, as other default encryption methods for ZIP files might not be as secure. University staff are encouraged to refer to the following quick reference guides for instructions: 

• File encryption and decryption for Windows [PDF] [Intranet]
• File encryption and decryption for Mac [PDF] [Intranet]

• When sending an encrypted attachment via email, do not send the password by email (not even through a separate email). You can send the password by phoning the recipient, through an SMS, or via postal mail. Inform the person/s receiving the encrypted ZIP file that they need to install 7-Zip (Windows) or iZip (Macintosh) software in order to be able to open the file.
• In the event of transferring time-sensitive files, you and the receiving party are encouraged to trial the complete process by using a generic document and generic password. This will ensure that encrypted files can be received and opened successfully from the other party.