If your computer touches protected health information at all, you want to make sure it is using full device encryption. Let’s recognize that smartphones and tablets (e.g. iPads and Android tablets) are computers. So when we say “computer,” we mean everything that is computer-like.
Full-Device Encryption, or “FDE”
FDE can actually stand for “full-device encryption” or “full-disk encryption.” You can pick your favorite.
What really matters is that it refers to the idea of making sure every bit and byte that is being stored on your device is encrypted before it gets stored there. So the confidentiality of every bit and byte on that device is protected with great strength.
FDE mostly protects the confidentiality of your info against human threats, e.g. thieves; people who possess the fallibility inherent in the human condition and accidentally lose a device; otherwise honest people who pick up your (locked!) device and start getting nosy; and sometimes hackers.
FDE can only protect your device from these threats when the device is locked. When you are using a computing device, you have unlocked the device’s encryption so that you can use it. This is because you cannot use encrypted data. In order for a device that employs FDE to be usable by you, it has to do the digital equivalent of leaving the keys in the lock for as long as you’re using the device.
So FDE is only doing its work when the device is locked.
For smartphones and tablets, this usually means the device is on its lock screen (where you enter your passcode). There’s no need to shut down these devices in order to lock the encryption.
For laptop and desktop-type computers, locking the encryption usually means shutting down the computer. Putting a password on the screensaver isn’t enough. It generally must be powered off.
There are ways to lock the encryption on a laptop/desktop without shutting it off. They are usually known only to higher-level techies, however. So if a tech professional tells you they have set up your computer to lock the FDE encryption without turning the machine off, you can believe them. In all other cases for laptops and desktops, don’t believe it is protected by FDE unless the machine is powered off.
FDE is dependent on your password to stay strong. When using FDE, your password for the device becomes the encryption key. If your password is easily guessed, the device might as well not be encrypted. Strong passwords are necessary for protecting FDE (making and using strong passwords is covered in section 6 of this training).
Passwords are of special concern for smartphones and tablets. The default PIN codes and patterns are not strong enough. You need to set a stronger passcode than the default settings allow. Do a Web search or consult with a tech-savvy person for instructions on setting strong passcodes on your smartphone or tablet.
Macintosh computers and Android devices have FDE software built in. You need only go into your settings and activate it.
Only the “Pro” level of Windows computers has built-in FDE. Most people have the “Home” level of Windows, and will need to upgrade to “Pro” in order to use FDE.
iPhones and iPads use FDE by default, and it cannot be turned off even if you want to! You simply need to set a strong passcode and you’ve got it.
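To confirm that the built-in FDE on a Mac or a Windows “Pro” computer is actually switched on and protecting the disk, a tech-savvy helper can read the status reported by the operating system's own tools. The script below is an added example, not part of the original training. It assumes the English-language output of `fdesetup status` (macOS) and `manage-bde -status` (Windows), and the sample outputs in it are constructed.

```python
import platform
import subprocess

def parse_fdesetup(output):
    """Classify the text printed by macOS `fdesetup status` (English wording assumed)."""
    if "FileVault is Off" in output:
        return "off"
    if "FileVault is On" not in output:
        return "unknown"
    # During the first encryption pass part of the disk is still plaintext.
    return "partial" if "Encryption in progress" in output else "on"

def parse_manage_bde(output):
    """Classify one volume from Windows `manage-bde -status <drive>` (English wording assumed)."""
    fields = {}
    for line in output.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    conversion = fields.get("Conversion Status")
    if conversion is None:
        return "unknown"
    if conversion == "Fully Decrypted":
        return "off"
    if conversion not in ("Fully Encrypted", "Used Space Only Encrypted"):
        return "partial"  # encryption or decryption still in progress
    # An encrypted volume whose protection is off (e.g. suspended) is not protected.
    return "on" if fields.get("Protection Status") == "Protection On" else "suspended"

def check_this_machine():
    """Run the built-in tool for this OS; manage-bde needs an elevated prompt."""
    system = platform.system()
    if system == "Darwin":
        cmd, parse = ["fdesetup", "status"], parse_fdesetup
    elif system == "Windows":
        cmd, parse = ["manage-bde", "-status", "C:"], parse_manage_bde  # assumes C: is the system drive
    else:
        return "unknown"
    return parse(subprocess.run(cmd, capture_output=True, text=True).stdout)

# Constructed sample outputs (not captured from a real machine).
SAMPLE_MAC = "FileVault is On.\n"
SAMPLE_WINDOWS = """Volume C: [OSDisk]
    Conversion Status:    Fully Encrypted
    Protection Status:    Protection Off
    Lock Status:          Unlocked
"""

if __name__ == "__main__":
    print("samples:", parse_fdesetup(SAMPLE_MAC), parse_manage_bde(SAMPLE_WINDOWS))
    print("this machine:", check_this_machine())
```

Anything other than "on" means the disk should not be treated as protected by FDE, including the "suspended" case shown in the Windows sample, where the disk is encrypted but protection is switched off.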
FDE is only a “sometimes” protection against hackers because hackers often work through viruses and trickery. FDE can sometimes protect the confidentiality of information from viruses, but not in any reliable way. We need more than just encryption to protect ourselves there. Hackers who target individuals also usually do so while the individual is actively using their device. That means the hacker strikes when the device’s encryption is unlocked.