You & Your Data, Part 1: Full Disk Encryption
You & Your Data: Full Disk Encryption
This series is called You & Your Data and is focused on the relationship between You and the Data you should control. Our series is also designed to compliment the vision of increasing user’s data protection in our expanding digital world. The first subject we will examine is Full Disk Encryption.
What Is it?
Full disk encryption is basically the act of protecting all of the files residing on the hard drive of your machine. The main benefit is that full disk encryption keeps your data safe while your computer is off . Without a proper login by someone knowing the decryption key and/or passphrase, the data on your encrypted computer is just a bunch of gobbledy-gook.
Full-disk encryption keeps your data safe while your computer is off.
When we say “ data on your computer,” this refers to all the files used by the operating system of your computer, the programs and applications you use, and all of the Word docs, pictures, and miscellaneous files contained inside your machine and that are saved on your hard drive.
As with most things in life, there’s a balance between doing the most when encrypting your drive vs. the time and technical expertise required. This post is aimed on finding the sweet spot, where most users can act on our recommendation while being as secure as possible.
When You Should Use It
So when should you use disk encryption? The short answer is always, but the long answer depends on what you use your machine for. A good rule of thumb is to ask, “If my computer was stolen, what personal information or sensitive files are on it?” If you answer anything besides “Nothing” than full disk encryption is the option for you!
Also, according to Bitglass’s Financial Services Report 2016 , one in four breaches that occurred in the U.S. financial sector over recent years was the result of lost or stolen devices.
One in four breaches that occurred in the U.S. financial sector over recent years was the result of lost or stolen devices.
So if your computer is used for business purposes, encrypting it is a very good idea.
After fully encrypting your machine, you should notice an immediate benefit to your peace of mind. This comes from knowing that no one can access info on your computer without your permission.
Fully encrypting your disk makes it much harder for hackers, government agents, and especially thieves who steal or acquire your physical device to compromise it. Full disk encryption even protects against a malicious “computer repair person” who could put something nasty on your device while fixing it.
The downside to fully encrypting your computer is that it takes time — generally around a few hours. The good news is that it’s a one-time action and can be done while you sleep.
Another downside is that if an encrypted drive gets corrupted all of the data on it is probably lost. This is why it is highly recommended to regularly backup your machine to an external hard drive or cloud service, and to secure your passphrase and key somewhere other than your encrypted machine.
If you lose your key (it is shown to you when you begin the encryption process) & passphrase you will lose access to your computer. Also, if someone else gains access to your passphrase or key, they will now have the ability to decrypt your files — so be sure to store it in a safe place.
How To Do It
This makes sense as FileVault is included with all Mac OS’s, and similarly BitLocker is included on Windows. Using any of these solutions can give you a good start with disk encryption.
So how do you actually encrypt your device? This depends on what Operating System you are running. The three most popular OS’s are Windows, Mac, & Linux. Rather than outline the specifics for you, we’ve reviewed and are recommending the following guides for each OS. (Links Below)
- Windows default — BitLocker Guide Step 9, select Full Disk Encryption instead
- Mac default — FileVault Guide
- Works on anything — VeraCrypt Guide
Keep in mind these two important things:
Back up your Encryption Key and/or password! Some of the above options will give you the ability to choose between a Key or password. Whichever you choose, make sure it is saved in at least 2 places. Bonus points if those places are offline. (USB or printed on paper).
After you have fully encrypted your hard drive, you must make regular backups! We suggest saving to an external hard drive once a week (more often if you modify critical files daily).