Clearly this is an issue and likely it has a solution which might be:
- This is not required because...
- This is impractical because... [2 passwords on suspend, for example]
- Oh. Yeah, we fixed that in version XYZ. Do Q and it will work fine.
- You're hosed unless you can write C++ and can code it yourself.
Drive in question is an SSD.
IMHO Suspend is something modern computers can do. What I don't understand is why Full Disk Encryption isn't full disk. That seems like a bug.
Encryption of swap isn't usually done because of the time required to encrypt writes and decrypt reads -- swap, by its nature, needs to be as fast as possible, because swap space is more or less standing in for RAM you can't afford or don't have slots for.
I would point out, however, that if someone is pulling data out of your swap partition, your computer is already fully compromised -- either the attacker is at console and has rebooted to another OS (from a USB stick, perhaps), or they've gained full control of your system remotely and, at the least, dismounted the swap in order to apply read-write access.
That is to say, if swap partition security matters, swap partition security probably doesn't matter, because the attacker pwns everything on your system anyway -- even if they can't steal your "whole disk encrypted" storage, they can hold it hostage, or install software that will replicate and transmit every read and write in the unencrypted form.
While there are reasons not to encrypt swap, I would also argue that there are reasons a person might want to. Tightening security (physical or digital) always restricts and slows access. That's not a reason to avoid a given security measure. As pointed out in another answer, when RAM is full, it is desirable that swap work as quickly as possible.
That being said, if the content that may reside in swap is sensitive enough, there may be cases in which the performance trade-off may be justified. By default, the Ubuntu installer (I checked 18.04 and 16.04) creates the swap partition in the LUKS-encrypted LVM2 partition when selecting FDE during installation. Hence, swap is encrypted.
If for some reason your swap partition is not encrypted, you can still encrypt it. If you're using LVM, and the LVM partition is already LUKS encrypted, you could simply resize the file systems within LVM to make space for swap and then create a logical volume for swap. The resizing of the filesystems may need to be done from a bootable USB. Update your `/etc/fstab` file and you're done.

If you want to encrypt an existing non-encrypted swap partition, that is also possible, but takes a little more work. I'll list out the general steps.

1. `swapoff` your swap partition.
2. `cryptsetup luksFormat ...` to encrypt the former swap partition.
3. `mkswap` on the decrypted partition.
4. Create a key file, `/root/keyfile`.
5. Update your `/etc/crypttab` file to include an entry that decrypts your swap partition using the key file, `/root/keyfile`.
6. Update your `/etc/fstab` file to mount the encrypted swap (you need to get the UUID of the decrypted swap partition).
7. `sudo update-initramfs -k all -c` to recreate your boot files.
8. `sudo update-grub`

Now swap is encrypted. When you boot, you'll put in the password to decrypt `/`. With root decrypted, `/root/keyfile` can be used by the system to automatically decrypt your swap partition.

There is a great write-up here about encrypting multiple partitions with a single passphrase. Since you're only trying to encrypt a swap partition, you can do it while booted into your installed system.
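The procedure in the answer above, carried through as an added shell script (example code, not the answer's own commands). It assumes Debian/Ubuntu tooling (`/etc/crypttab`, `update-initramfs`, `update-grub`), a hypothetical plain swap partition `/dev/sda3`, the mapper name `cryptswap`, and the key file `/root/keyfile` on the already LUKS-encrypted root. The helper functions only build the config lines and check the key file mode; the destructive part runs only with `sudo sh encrypt-swap.sh --apply`.

```shell
#!/bin/sh
# Added example, not from the original answer: LUKS-encrypt an existing,
# unencrypted swap partition and have it unlocked at boot from a key file that
# lives on the (already encrypted) root filesystem. Debian/Ubuntu assumed.
set -eu

SWAP_DEV="${SWAP_DEV:-/dev/sda3}"        # assumption: the current plain swap partition
MAPPER_NAME="${MAPPER_NAME:-cryptswap}"  # becomes /dev/mapper/cryptswap
KEYFILE="${KEYFILE:-/root/keyfile}"      # on /, which the boot passphrase decrypts

# /etc/crypttab entry: unlock SWAP_DEV (identified by its LUKS header UUID) as
# /dev/mapper/NAME with the key file. No 'swap' option: that re-runs mkswap on
# every boot and is meant for random-key swap, not a persistent LUKS volume.
crypttab_line() {  # crypttab_line NAME LUKS_UUID KEYFILE
  printf '%s UUID=%s %s luks\n' "$1" "$2" "$3"
}

# /etc/fstab entry. The UUID is the one mkswap wrote to the *decrypted* device
# (/dev/mapper/NAME), which is what the answer means by "UUID of the decrypted
# swap partition"; the LUKS partition's own UUID belongs in crypttab only.
fstab_line() {  # fstab_line SWAP_UUID
  printf 'UUID=%s none swap sw 0 0\n' "$1"
}

# The key file unlocks swap with no passphrase, so it must be readable by root
# only; a world-readable key file would undo the encryption. MODE is octal
# as printed by 'stat -c %a' (e.g. 400).
keyfile_mode_ok() {  # keyfile_mode_ok MODE
  case "$1" in 400|0400|600|0600) return 0 ;; *) return 1 ;; esac
}

encrypt_swap() {
  [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; exit 1; }

  # Remember the old swap UUID so its fstab entry can be disabled later.
  old_uuid="$(blkid -s UUID -o value "$SWAP_DEV" 2>/dev/null || true)"

  # Step 1: stop using the partition (ignore "not active").
  swapoff "$SWAP_DEV" 2>/dev/null || true

  # Step 4 (done early so luksFormat can use it): random root-only key file.
  if [ ! -f "$KEYFILE" ]; then
    (umask 077 && dd if=/dev/urandom of="$KEYFILE" bs=512 count=4 2>/dev/null)
  fi
  chmod 0400 "$KEYFILE"
  keyfile_mode_ok "$(stat -c %a "$KEYFILE")" || { echo "bad key file mode" >&2; exit 1; }

  # Steps 2 and 3: LUKS-format the old swap partition (this wipes its swap
  # signature; swap holds no persistent data), open it, and make swap on the
  # decrypted device.
  cryptsetup luksFormat --batch-mode --key-file "$KEYFILE" "$SWAP_DEV"
  cryptsetup open --key-file "$KEYFILE" "$SWAP_DEV" "$MAPPER_NAME"
  mkswap "/dev/mapper/$MAPPER_NAME"

  # Steps 5 and 6: crypttab gets the LUKS UUID, fstab gets the swap UUID.
  luks_uuid="$(blkid -s UUID -o value "$SWAP_DEV")"
  swap_uuid="$(blkid -s UUID -o value "/dev/mapper/$MAPPER_NAME")"
  [ -n "$old_uuid" ] && sed -i "s|^UUID=$old_uuid |# &|" /etc/fstab
  sed -i "s|^$SWAP_DEV |# &|" /etc/fstab
  crypttab_line "$MAPPER_NAME" "$luks_uuid" "$KEYFILE" >> /etc/crypttab
  fstab_line "$swap_uuid" >> /etc/fstab

  # Steps 7 and 8: rebuild the initramfs and grub config, then verify.
  update-initramfs -u -k all
  update-grub
  swapon -a
  swapon --show
}

case "${1:-}" in --apply) encrypt_swap ;; esac
```

Two checks worth doing after a reboot: `lsblk` should show `/dev/sda3` as a `crypt` parent of `cryptswap`, and `swapon --show` should list `/dev/mapper/cryptswap`. Losing the key file is not a data-loss event, since swap holds nothing persistent; just re-run the script. This layout does not support resuming from hibernation, because the initramfs would have to unlock swap before root is available; the "single passphrase" write-up the answer refers to is the route for that.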