Encrypt or Risk Serious Data Loss!
For a majority of us, our most valued possession at work is our laptop because that is where all our essential data and information resides. If you were to lose that laptop not only will it make a hole of $500 (or more) in your pocket, but it will also put all your personal information and sensitive work-related data at risk. Now you might think that your laptop is password protected and so all your data is safe but that is not the case. While your password can prevent someone from logging in to your laptop, it doesn’t stop a hacker from removing the hard drive and putting it in to another laptop or PC thus gaining access to all the files stored on your laptop. What’s more is that the hacker can also reset the password on your laptop and gain access to all your emails, work applications and other personal and confidential information. The good news is that you can prevent yourself from falling prey to data theft (even if your laptop gets stolen) with the help of data encryption.
What is data encryption and why is it important?
Growing up have you ever play with decoder rings where you could decode a message using a secret cypher and only people with the cypher could decode it? Encryption is quite similar to those decoder rings. It is a mathematical process in which data gets scrambled into another form or code and can only be accessed by someone who has the secret key or password to decrypt (unscramble) it. The encrypted text is called cyphertext and the unencrypted text is called plaintext.
So, if your laptop was encrypted, then there is no way for hackers to access any files or data on it without the key or password. And in this case hackers won’t be able to reset your password either because of the device encryption. Now that we know encryption is a highly effective and popular data security method available to organizations, how do we start using it? Believe us, encrypting your device or hard disk is not rocket-science. It is a very easy, straightforward and non-technical process that anyone can perform and takes only a few minutes (sometimes hours) get up and running. In fact, these days the ability to encrypt all the data on a device is usually built-in to its operating system, making it very easy for all of us to protect our data and privacy.
How to encrypt your hard drive or device?
To encrypt your laptop or hard drive, you would need to perform a full-disk or whole disk encryption. This is the most transparent and easy way of encrypting data. It requires you to provide an encryption password or have the computer read an encryption key (a random alphanumeric key) from a USB device every time you turn on your computer. Once you log in you can see all your encrypted files as normal files.
How to encrypt your MAC:
- Go to System Preferences > Security & Privacy > FileVault.
- Click the Turn On FileVault button
- IMPORTANT:Note down the recovery key that is automatically generated as a part of the setup, store it away from your Mac and do not lose it at any cost! (see warning below)
- Wait for encryption to complete. You can continue using the laptop while you wait.
How to encrypt your Windows device
*** See Windows laptops need a TPM chip to store an encryption key section.
Standard Device Encryption:
- Go to Start > Settings > Update and Security > Device Encryption. (If Device Encryption does not appear then it is not available. Use BitLocker Encryption in that case.)
- Select Turn on.
Standard BitLocker Encryption:
- Go to Control Panel > BitLocker Drive Encryption. (BitLocker might not be available for all versions of Windows)
- Click the Turn on BitLocker next to the drive you want to encrypt.
- Enter a long and varied alphanumeric password.
- Create a backup of the recovery as per the instructions on the screen.
- Choose whether to encrypt used disk space only (faster) or the removable data drives as well and then start the encryption process.
For Linux devices, you can encrypt the disk during installation of the operating system or do a post-installation encryption using popular third-party encryption tools like dm-crypt, VeraCrypt and AXCrypt. Make sure to pick a tool that is regularly tested and updated. These days encryption is also included as a part of various anti-malware suites like Symantec, Kapersky, etc.
Other types of computer encryption
A full-disk or whole-disk encryption is the easiest way, but it is not the only way to encrypt your laptop or computer. You can also encrypt your computer using the following:
Individual file and folder encryption – In this type of encryption only specific items are encrypted (the ones that you select). This encryption is most useful when the confidential information or data stored on a computer is not much, and so you want to encrypt only those few files and folders.
Volume encryption– This type of encryption creates a container of sorts that’s fully encrypted. All files and folders created in or saved to that container are encrypted. The best thing about containers is that they are portable and so you can move them from one laptop to another even without the key or password. However, to access the files and folders in the container you need to know the decryption key.
Things to consider when using Data Encryption:
- Backup your laptop or computer regularly. This is particularly important in case your encrypted disk crashes or becomes corrupt. If you don’t have a backup in such a scenario then all your data is lost forever.
- Create a complex password or key and don’t forget it! Create a long and complex password using alphabets, numbers and characters. The longer and more complex the password the more difficult it is to crack (see table below). Memorize you password and/or encryption key (because these could be the same or different) or note it down someplace other than you laptop.
- Windows laptops need a TPM chip to store an encryption key. A TPM chip is a secure crypto-processor that helps you generate, store and limit the use of an encryption key. So before starting encryption of a Windows laptop, you need to learn more about whether your laptop has a TPM chip, how to enable TPM, or add a TPM chip to a laptop that doesn’t have one. ***
- Data encryption can protect your laptop and its data, but it is not a complete security solution. Hackers can still access your data if you click on a phishing link in your email or if you use an insecure network connection at a coffee shop. To be able to overcome other such security threats you need to be security aware. Learn more about security awareness in ECHO’s Security Awareness Closing the Gap webinar video.>
If data encryption still feels like a mammoth task to you and you would rather have an expert do the job then reach out to ECHO!