There was a time when encryption was only important for governments and big business. But as more and more of our data has shifted from physical to digital, the need to protect everything we create, store and share has become increasingly important. So, how do you protect the data you store?
If you've got Windows 10 Pro, you can use Microsoft's integrated BitLocker tool to encrypt your local hard drive. That way, if your PC is lost or stolen, bad guys can't access your data.
Even if the hard drive or other internal storage is removed it can't be accessed.
To enable BitLocker:
- Open File Explorer and right-click on the drive you want to encrypt.
- Choose Turn on BitLocker from the menu that appears.
- If your system has a Trusted Platform Module (TPM), you can go ahead and turn on BitLocker
If your PC lacks a TPM, you can still use BitLocker although you'll need to jump through a few hoops and make a change to a Group policy. If you're on a domain, you'll need an admin to do this.
For a local account:
- Press Windows+R to bring up the Run dialog, type in gpedit.msc and press OK.
- Navigate to Local Computer Policy | Computer Configuration | Administrative Templates | Windows Components | BitLocker Drive Encryption | Operating System Drives on the left side of the screen.
- Double-click on Require additional authentication at startup option in the right side.
- Select Enabled at the top of the window, and ensure the Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive) is checked.
- Hit OK and close the Group Policy Editor. The change takes immediate effect
Then you can encrypt your local hard drive.
Apple's take on encrypting your local hard drive takes a similar route. FileVault encrypts the local drive.
To enable FileVault:
- Open System Preferences and launch the Security & Privacy applet.
- Go to the FileVault section and click on the Tun on FileVault... button.
- You'll need to confirm that any other suers that share the computer will need to enter their passwords to access the Mac and choose how you'll recover your data should you forget your password.
- You can then resume using your Mac as the drive is encrypted while you're working.
PGP (Pretty Good Privacy) has been around for ages. GnuPG is a free implementation of the OpenPGP standard that lets you encrypt and sign your data and communications.
The software is regularly updated, with the most recent GnuPG release made just a week ago.
The nature of the GnuPG project is that the developers don't release installers for different operating systems. Instead, they leave that to others to compile and distribute. The download page lists some distribution points and they also list software that support GnuPG.
TrueCrypt And VeraCrypt
For a number of years, people swore by TrueCrypt for protecting their data but the product's reputation took some stick a few years ago when the developers stopped work and not trusting the open source community to keep it secure.
While some folks still think it's safe, it's hard to recommend a security product that the original developers have abandoned.
However, a fork of the last stable release of TrueCrypt, VeraCrypt emerged with its developers saying it "solves many vulnerabilities and security issues found in TrueCrypt". The developers say they passed an audit for version 1.19, which was released in October 2017, saying all identified issues were resolved.
Development of VeraCrypt has progressed with regular updates with the most recent release occurring in September last year. If you've been using TrueCrypt, VeraCrypt can open TrueCrypt volumes.
AxCrypt is a free encryption tool for Windows, although there is also a Mac viewer in the free version. It allows you to encrypt entire volumes as well as individual files.
As well as offering an installable version, there's a portable option that runs from a removable disk. And while this lacks the context menus the installable version plugs into Windows, it lets to encrypt and decrypt files from its own Explorer-like interface.
What encryption software do you use? Do you just rely on your operating system? Or is it all a waste of time and effort?