How to encrypt (almost) anything

It's all too easy to neglect data security, especially for a small business. While bigger organizations have IT departments, service contracts, and enterprise hardware, smaller companies frequently rely on consumer software, which lacks the same sort of always-on security functionality.

But that doesn’t mean that your data is unimportant, or that it has to be at risk.

Encryption is a great way to keep valuable data safe—whether you’re transmitting it over the Internet, backing it up on a server, or just carrying it through airport security on your laptop. Encrypting your data makes it completely unreadable to anyone but you or its intended recipient. Best of all, much of the software used in offices and on personal computers already has encryption functionality built in. You just need to know where to find it. In this article, I’ll show you where and how.

But first, a word about passwords

Any discussion about encryption needs to start with a different topic: password strength. Most forms of encryption require you to set a password, which allows you to encrypt the file and to decrypt it later on when you want to view it again. If you use a weak password, a hacker can break the encryption and access the file—defeating the purpose of encryption.

A strong password should be at least 10 characters, though 12 is better. It should include a mix of uppercase and lowercase letters, as well as numbers and symbols. If you find letters-only easier to remember, such a password can still be secure if it’s significantly longer; think 20 characters or more.

If you’re unsure about whether your password is good enough, run it through Microsoft’s free password checker. Never use a password rated less than “Strong.”

Use Microsoft's BitLocker for full-disk encryption.

Encrypt your entire hard drive

You probably already have a login password for Windows on your PC, but that won’t actually protect your data if somebody steals your computer or hard drive—the thief can simply plug your drive into another PC and access the data directly. If you have lots of sensitive information on your computer, you want to employ full-disk encryption, which protects all your data even if your hardware falls into the wrong hands.

Microsoft’s BitLocker software makes setting up full-disk encryption in Windows incredibly easy—as long as your computer meets the following two criteria:

1. You have the Ultimate or Enterprise version of Windows 7 or Vista, or the Pro or Enterprise version of Windows 8.

2. Your computer has a TPM (Trusted Platform Module) chip.

The easiest way to see if your computer has a TPM chip is simply to attempt to enable BitLocker. Windows will let you know if you don’t have one.

To enable BitLocker, go to Control Panel > System and Security > BitLocker Drive Encryption, or do a search for “BitLocker” in Windows 8. In the BitLocker menu, click Turn on BitLocker next to the drive(s) you wish to encrypt. It’s as easy as that.

If your PC doesn’t meet the requirements for BitLocker, you can still use TrueCrypt or DiskCryptor for free full-disk encryption.

BitLocker protects pocket drives as well.

Encrypt your external and USB thumb drives

For full-disk encryption of thumb drives and USB hard drives, you can use BitLocker To Go, which is designed for removable media. You still need a professional or enterprise version of Windows, but you don’t need a TPM to use BitLocker To Go.

All you have to do is plug in the device you want to encrypt, and then once again go to the BitLocker menu. At the bottom of the menu, you’ll see the BitLocker To Go section, where you can click Turn on BitLocker next to the device.

Encrypt your Internet traffic

Sometimes you want to encrypt your outgoing and incoming Internet traffic. If you’re on an unsecured Wi-Fi network (at an airport, for instance), a hacker can intercept the data traveling to and from your laptop, which might contain sensitive information. To make that data useless to eavesdroppers, you can encrypt it, using a VPN.

A virtual private network creates a secure “tunnel” to a trusted third-party server. Data sent through this tunnel (either to or from your computer) is encrypted, so it’s safe even if intercepted. You can find Web-based VPNs that charge a small monthly fee but provide very easy access, or you can set up your own personal or business VPN.

The process of selecting or setting up a VPN is a little too long to describe here, so see our article on VPN for beginners and experts alike.

TrueCrypt helps to add another level of protection to Dropbox data.

Encrypt your Dropbox (or other cloud storage)

If you or other people in your organization use Dropbox or SugarSync, you’ll be glad to know that those popular cloud storage services already encrypt your data, protecting it in transit and while it sits on their servers. Unfortunately, those same services also hold the decryption keys, which means that they can decrypt your files if, for instance, law enforcement directs them to do so.

If you have any really sensitive files in your cloud storage, use a second layer of encryption to keep them safe from prying eyes. The most straightforward way to do this is to use TrueCrypt to create an encrypted volume inside of your Dropbox. (For a complete guide to encrypting anything with TrueCrypt, see the end of this article.)

If you want to be able to access the data from other computers, consider putting a portable version of TrueCrypt in your Dropbox, as well. To do so, run the TrueCrypt installer; during the installation, choose the Extract option, and choose to put the extracted files in your Dropbox or other cloud storage.

Next page: Encrypt your email and nearly anything else...

Subscribe to the Business Brief Newsletter

Comments