Encryption FAQs - Portable media

Because they are portable and used by so many people, two of the biggest risks to information security come from unencrypted laptops and USB sticks.

How can I encrypt removable media, such as a memory stick?

When Sophos SafeGuard is installed on laptops it includes Data Exchange (DX) software. This lets users encrypt removable media, such as memory sticks, CDs, DVDs and external hard drives.  This software is about to be piloted and is likely to become a 'business as usual product' by 1 January 2014.  Encryption users who need to encrypt removable media once it's available will be able to ask for this functionality. 

DX will work in two ways.

  • Users will be able to encrypt removable media using their own encryption key and set a passphrase (a password which uses a combination of words and letters. The space between them also forms part of the password) for their own use


  • create another key with a different passphrase when they wish to allow a third party to access the encrypted device; i.e. to post an encrypted memory stick to a third party and disclose the passphrase used to decrypt it to them by telephone or email.  DX will also be made available (as a stand-alone product) to desktop computer users on request, where there is a business need.

Can removable media encrypted on a computer using one Operating System (OS) by decrypted on a computer using a different OS?

At the moment it isn't possible to decrypt removable storage which has been encrypted using DX on a computer which uses a different operating system.; i.e. you cannot encrypt a memory stick using DX on a Windows laptop and decrypt it using DX on an Apple Macintosh laptop.  However, this may be possible following a later release of Sophos SafeGuard  software.