How to Encrypt Your Files, Folders and Other Data on Windows
You know already that the World Wide Web is a rather scary place full of people that want to harm you in every possible way. Okay, we probably went a bit over-the-top with that one, but nevertheless, a lot of individuals on the Internet are up to no good. In many cases, they are after your personal data which is why you've done what you can to protect it. You don't expose too much information online, and the data that you do share is secured with strong, unique passwords.
The thing is, personal data isn't stored only on the Internet. There's likely some of it on the computer you're currently using. You've got your family holiday snaps, important work documents, and personal projects. You wouldn't want them falling into the wrong hands, do you?
Data theft that involves physical access to the device is no longer the stuff of spy movies. Because computers are now portable, the so-called "Evil Maid Attacks" are becoming more and more common. What can you do to protect yourself?
How about setting a password for your Windows account?
By all means, do that if you haven't already, but don't forget that the Windows password was never designed to keep your files safe. It can stop someone who doesn't know it from seeing your desktop wallpaper, opening a browser window, and perhaps looking at your Facebook timeline if you have forgotten to log out. Your files, however, are a different matter.
As you probably know, they are stored on the device's Hard Disk Drive (HDD) or the more modern equivalent, Solid-State Drive (SSD). HDDs and SSDs are hardware components, and as such, they can be unplugged and taken out. In other words, an attacker armed with a screwdriver can take the data storage component out of your PC, connect it to their own computer, and access your files. Your Windows account password won't prevent them from doing that. The only way to ensure that your files are protected is to encrypt them.
The real solution
Encryption might sound like something only hardcore computer geeks understand, and indeed, detailed information on how it all works will probably be out of reach for most users. The basics, however, are not that complex. The encryption process scrambles the data in your files and makes it unreadable. Using a key, you can return the files back to their original state. Even if the attacker steals your hard drive, they can't view your files if they don't have the key.
In the past, encrypting files meant downloading third-party applications, reading manuals and even typing some commands in Windows' command prompt window. Now, however, Microsoft offers a tool that makes the process much easier.
Full disk encryption with Windows' BitLocker
Introduced with Windows Vista, BitLocker is Microsoft's built-in tool for encrypting fixed and removable drives using the Advanced Encryption Standard (AES) algorithm. Although it's been around for more than a decade now, BitLocker is still not available on all Windows versions. Windows 10 Home edition, for example, doesn't support it. Another thing you should bear in mind is that if your computer doesn't have a Trusted Platform Module (TPM) chip, turning on BitLocker could be more of a challenge. Here are the steps you need to take.
Open the Start Menu, type This PC, and hit Enter. Right-click on the drive that you want to encrypt (e.g., C:\) and select Turn on BitLocker. A wizard shows up which should guide you through the process.
The steps could differ depending on the version of Windows you're running, whether you're encrypting a system drive (the one where Windows is installed), and whether your computer has a TPM chip. In a nutshell, however, this is what you need to do:
- Pick a method for decrypting the drive. Again, depending on your configuration, the choices may differ, but you can choose from a password, a USB flash drive that works as a key, a smart card, or a biometric authenticator like your fingerprint if your device supports it.
- Back up your recovery key. BitLocker will generate a recovery key which can be used to decrypt the drive in case you are unable to use your main key for some reason. At this step, you need to make sure that it's securely backed up. You have the option of saving the key with your Microsoft account, printing it on a piece of paper, saving it in a file, or putting it on a USB thumb drive.
- Choose what to encrypt. You've got two options: encrypt the entire drive, including the free space or encrypt just the files that are already on it. New files added to the drive will be encrypted automatically anyway, so if you're enabling BitLocker for a new or recently wiped drive, it makes sense to encrypt only the data that's already on it. If on the other hand, you're protecting a used drive, encrypting everything, including the free space, is the more secure option.
This is pretty much all you need to do to make sure that all your files are encrypted.
Encrypting individual files
Encrypting your entire hard drive is the best way to ensure that in case someone steals your hard drive, they won't access any of your information. Let's face it, however, some of the files on your PC are more important than others, and in some cases, you might be willing to encrypt certain files instead of the entire drive. Often, sensitive information is contained in Word and Excel documents, and knowing this, Microsoft implemented an encryption tool in all of its products from the Office suite.
To encrypt a document, you need to click on the File tab. Then, click the Protect Document button and select Encrypt with Password. Choose a password that will protect the document, enter it, and make sure that you don't forget it. Unlike BitLocker, Microsoft Office doesn't have a recovery mechanism, and if you lose the password, you won't be able to open the encrypted document. Click OK, and with that, you're pretty much done.
Of course, there are numerous other encryption tools out there. Some are paid, and some are free. Some are easy to use while others require some technical knowledge. Depending on your skills and needs, you need to decide which option you should use. What you must not forget, however, is that data protection online is just as important as data protection in the real world. Encryption plays a part in both.