Select Language:
Mobile gadgets are prone to misplacement. A laptop may be forgotten on a bus or train, a smartphone might slip from a pocket, or a USB flash drive could drop unnoticed. Losing such items often leads to significant financial repercussions. Yet, the real danger often lies in the potential data loss.
Crucial and confidential files, like tax records, are frequently stored on laptops. Sometimes, sensitive corporate documents reside there as well. And smartphones not only contain emails but also contact lists and WhatsApp conversations.
While laptops often have password protection, the files stored within are usually accessible once the device is turned on. Booting from a live system allows anyone to easily read and duplicate the data.
USB drives often just need to be connected to a computer to access the stored content. Conversely, smartphones encrypt their file systems securely, making unauthorized access more difficult.
However, if a device has recently been used, the screen lock might not have re-engaged yet, allowing someone to read and share data via email or messaging apps.
The situation becomes especially complicated if a device is deliberately stolen. Thieves may seek confidential company information or credit card details. Therefore, encrypting essential files is crucial.
Encryption Methods
When securing a laptop’s SSD or an external hard drive, two primary encryption approaches are available:
- Full Disk Encryption (FDE)
- File-Level Encryption (FLE)
FDE involves encrypting the entire drive, including the operating system. Windows Pro and Education editions include BitLocker, which offers FDE encryption.
This feature can be found in the Control Panel under “System and Security > BitLocker Drive Encryption.” Activating it prompts all users to enter a password during startup.
Once encrypted, files on the SSD are inaccessible without this password. BitLocker utilizes the computer’s TPM chip, providing a high level of security.
However, FDE’s protection is limited to when the device is powered off or Windows is not logged in. Once unlocked, malware or hackers can access files remotely if the device is active.
Encrypting Files on Laptops Using EFS
An alternative to FDE is File-Level Encryption (FLE), which encrypts specific files or folders. FLE remains active continuously, requiring a password for access.
Windows implements this with the Encrypting File System (EFS), integrated into the NTFS structure. To encrypt a file or folder, right-click, select “Properties,” click “Advanced,” check “Encrypt contents to secure data,” then confirm.
Decryption automatically occurs when you log in to your user account. However, if the account password is forgotten or the account is deleted, access to those files is lost, just like with FDE.
Using VeraCrypt to Encrypt Entire Drives
While EFS encrypts individual files, VeraCrypt offers a way to safeguard entire drives. It creates encrypted containers or encrypts entire disks, with the option to store files securely within a virtual drive.
Launching VeraCrypt and choosing “Create Volume” initiates a setup wizard. Select “Create encrypted container file,” then “Standard VeraCrypt volume.” Specify the file name and path, then proceed.
Set the size for your container, ensuring adequate space. Choose a strong password—long, complex, and unique. Format the volume, selecting “NTFS” as the file system and moving your mouse around to generate randomness for encryption keys.
Once formatted, you can mount this container as a virtual drive by selecting a drive letter, browsing to the container file, and clicking “Mount,” then entering your password.
This approach makes it difficult for others to see or access the data without the password, offering robust security for portable storage devices.
Securing Smartphone Data with Secure Folder
Modern smartphones encrypt stored data by default, but this protection may not suffice if the device is lost before the screen lock reactivates.
Android 8 and later include a “Secure Folder” feature, available via the Google Files app or as a standalone download from the Play Store. This vault enables storing sensitive data separately and securely.
The Google Files app allows creating a secure, encrypted folder for sensitive data.
IDG
Within Google Files, navigate to “Collections > Secure folder.” Assign a PIN or pattern different from your device login to prevent unauthorized access.
To move files into this protected space, press and hold the file, then choose “Move to secure folder.”
To access files, open “Collections > Secure folder,” enter the PIN or pattern, tap the file, then select “More > Remove from secure folder.”
Important: Forgetting the PIN or pattern means permanent loss of access to the secure vault.
Encrypting External SSDs Using BitLocker To Go
VeraCrypt is suitable for permanent encryption on a laptop SSD. For external drives, Windows’ native BitLocker To Go provides a convenient solution, included in the Home edition.
Search for “BitLocker” in the taskbar and select “Manage BitLocker.” The external drive will appear with a status indicating “BitLocker disabled.”
Click to activate, choose “Use a password to unlock the drive,” set a password, and save the recovery key to a file on your desktop.
Decide whether to encrypt only used space or the whole drive. For broad compatibility across Windows systems, select “Compatible mode” and start encryption.
Whenever the drive is connected, Windows will prompt for the password, ensuring data remains protected.
Encrypting USB Sticks with 7-Zip
The free archiving tool 7-Zip can quickly secure USB files. It creates password-protected ZIP archives using AES-256 encryption. To encrypt, right-click the files, choose “Add to archive,” name the file with a “.zip” extension, and set a strong password.
In the encryption options, select “AES-256” as the method. Confirm with “OK,” then a protected ZIP file is created.
Accessing the files requires opening the ZIP with 7-Zip and entering the password. Attempting to extract the data directly from Explorer will not succeed without proper authentication.
This method allows for quick encryption of USB files using 7-Zip, with strong AES-256 protection.
IDG
Steps to encrypt files:
- Select files in Windows Explorer, right-click, and choose “Show more options > 7-Zip > Add to archive.”
- Name the archive, keep the extension as “.zip,” and set a secure password in the “Encryption” section.
- Ensure the “Encryption method” is set to “AES-256,” then click “OK.”
- The ZIP file is now password-protected. Access its contents by opening with 7-Zip and entering the password; direct attempts via Explorer will lack access.
This approach offers a quick and secure way to encrypt files on a USB drive, utilizing 7-Zip with AES-256 encryption.
IDG
After creating a VeraCrypt container, mount it as a virtual drive within your system for secure access to files.
IDG
Hardware-Based Encryption
Encryption and decryption are managed directly by the CPU during data transfer processes. Hardware encryption is predominantly used for external USB drives today.
These devices feature a dedicated AES encryption chip positioned between the system BIOS and the operating system.
This chip handles all encryption duties during data access, keeping the entire drive continuously protected. To unlock the drive, a password stored on the device is required.
External drives equipped with built-in hardware encryption chips, such as AES modules, provide high-level data security.
IDG
Add us on ChatGPT
Add us on Perplexity
