How to encrypt (almost) anything
It's all too easy to neglect data security, especially for a small business. While bigger organizations have IT departments, service contracts, and enterprise hardware, smaller companies frequently rely on consumer software, which lacks the same sort of always-on security functionality.
But that doesn’t mean that your data is unimportant, or that it has to be at risk.
Encryption is a great way to keep valuable data safe—whether you’re transmitting it over the Internet, backing it up on a server, or just carrying it through airport security on your laptop. Encrypting your data makes it completely unreadable to anyone but you or its intended recipient. Best of all, much of the software used in offices and on personal computers already has encryption functionality built in. You just need to know where to find it. In this article, I’ll show you where and how.
But first, a word about passwords
Any discussion about encryption needs to start with a different topic: password strength. Most forms of encryption require you to set a password, which allows you to encrypt the file and to decrypt it later on when you want to view it again. If you use a weak password, a hacker can break the encryption and access the file—defeating the purpose of encryption.
A strong password should be at least 10 characters, though 12 is better. It should include a mix of uppercase and lowercase letters, as well as numbers and symbols. If you find letters-only easier to remember, such a password can still be secure if it’s significantly longer; think 20 characters or more.
Encrypt your entire hard drive
You probably already have a login password for Windows on your PC, but that won’t actually protect your data if somebody steals your computer or hard drive—the thief can simply plug your drive into another PC and access the data directly. If you have lots of sensitive information on your computer, you want to employ full-disk encryption, which protects all your data even if your hardware falls into the wrong hands.
Microsoft’s BitLocker software makes setting up full-disk encryption in Windows incredibly easy—as long as your computer meets the following two criteria:
1. You have the Ultimate or Enterprise version of Windows 7 or Vista, or the Pro or Enterprise version of Windows 8.
2. Your computer has a TPM (Trusted Platform Module) chip.
The easiest way to see if your computer has a TPM chip is simply to attempt to enable BitLocker. Windows will let you know if you don’t have one.
To enable BitLocker, go to Control Panel > System and Security > BitLocker Drive Encryption, or do a search for “BitLocker” in Windows 8. In the BitLocker menu, click Turn on BitLocker next to the drive(s) you wish to encrypt. It’s as easy as that.
If your PC doesn’t meet the requirements for BitLocker, you can still use TrueCrypt or DiskCryptor for free full-disk encryption.
Encrypt your external and USB thumb drives
For full-disk encryption of thumb drives and USB hard drives, you can use BitLocker To Go, which is designed for removable media. You still need a professional or enterprise version of Windows, but you don’t need a TPM to use BitLocker To Go.
All you have to do is plug in the device you want to encrypt, and then once again go to the BitLocker menu. At the bottom of the menu, you’ll see the BitLocker To Go section, where you can click Turn on BitLocker next to the device.
Encrypt your Internet traffic
Sometimes you want to encrypt your outgoing and incoming Internet traffic. If you’re on an unsecured Wi-Fi network (at an airport, for instance), a hacker can intercept the data traveling to and from your laptop, which might contain sensitive information. To make that data useless to eavesdroppers, you can encrypt it, using a VPN.
A virtual private network creates a secure “tunnel” to a trusted third-party server. Data sent through this tunnel (either to or from your computer) is encrypted, so it’s safe even if intercepted. You can find Web-based VPNs that charge a small monthly fee but provide very easy access, or you can set up your own personal or business VPN.
The process of selecting or setting up a VPN is a little too long to describe here, so see our article on VPN for beginners and experts alike.
Encrypt your Dropbox (or other cloud storage)
If you or other people in your organization use Dropbox or SugarSync, you’ll be glad to know that those popular cloud storage services already encrypt your data, protecting it in transit and while it sits on their servers. Unfortunately, those same services also hold the decryption keys, which means that they can decrypt your files if, for instance, law enforcement directs them to do so.
If you have any really sensitive files in your cloud storage, use a second layer of encryption to keep them safe from prying eyes. The most straightforward way to do this is to use TrueCrypt to create an encrypted volume inside of your Dropbox. (For a complete guide to encrypting anything with TrueCrypt, see the end of this article.)
If you want to be able to access the data from other computers, consider putting a portable version of TrueCrypt in your Dropbox, as well. To do so, run the TrueCrypt installer; during the installation, choose the Extract option, and choose to put the extracted files in your Dropbox or other cloud storage.
Next page: Encrypt your email and nearly anything else...
Encrypt your email
Your email messages can contain some very sensitive information, which makes them a prime candidate for encryption. If you use Outlook, keeping your correspondence secure is easy.
Outlook encryption is not password-based. Instead, everyone who wishes to use cryptographic security features in Outlook receives a digital certificate, which serves to automatically encrypt and decrypt messages. Before two users can send each other encrypted messages, they must share their certificates by sending each other digitally signed messages. It sounds sort of complicated, but the process is actually straightforward, and takes only a few moments. To set up Outlook for encrypted messaging, follow the steps in the official Microsoft guide.
Once you’ve received and exchanged digital IDs, you can send an encrypted message by opening the new message window, clicking Options > More Options > Security Settings, and checking the box for Encrypt message contents and attachments.
Encrypt your Gmail messages
Email security is a little different when you're using Gmail, as the messages are stored on Google’s servers rather than on your local machine. When you compose or view email messages, they transfer over an encrypted HTTPS connection, so you don’t have to worry about their being intercepted. Really, your primary security risk with Gmail is that somebody else will gain access to your account—a risk you can minimize with good password practices and two-step authentication.
If you want to send a text email that absolutely nobody but its intended recipient can read, you can always use a browser-based encryption application to encrypt your message manually. Email the cyphertext (encrypted text) to the recipient, and then use some other channel to send the recipient the password—they can then use the same Web app to decipher the message.
Encrypt your Word, Excel, and PowerPoint documents
In Office 2010 and 2013, you can encrypt any Word, Excel, or PowerPoint document the same way: Click File, make sure that the Info tab is selected, and then click the Protect Document button. Finally, click Encrypt with Password, and choose a strong password for your file. Anyone who wants to access this file will need the password. As always, it’s not safe to send the password through the same channel that you use to send the file.
Encrypt your PDFs
Like the Microsoft Office products, Adobe Acrobat X Pro makes encrypting a file easy. The option is in the Tools tab at the upper right, in the Protection section. Click the Encrypt button, and then click the option labeled Encrypt With Password.
Encrypt Evernote notes
The cloud note-taking app Evernote is a great way to remember and organize important information, including account details, medical and financial records, and other sensitive data. If you feel uncomfortable leaving all that personal info out in the open, you should be relieved to know that Evernote has a built-in encryption feature. Simply open a note, highlight the text you want to hide, and right-click it. In the menu that pops up, select Encrypt Selected Text, and then create a password. Evernote hides the selected text, replacing it with a small lock icon. Whenever you want to view the text again, just double-click the icon and enter your password.
Encrypt anything else
Finally, I'm going to talk about a way to encrypt pretty much anything at all on your PC: TrueCrypt. A free, open-source application, TrueCrypt lets you encrypt any file or collection of files on your PC. If your personal or business PC has a variety of sensitive documents that you want to protect, this is probably the best option for you.
To use TrueCrypt, first download the program, and then run the installer. The default installation options are fine, so just click through to the end.
Next, run TrueCrypt and click the Create Volume button. A window will pop up to walk you through the volume-creation process. On the first two screens, leave the default options checked and click Next. On the third screen, you’ll be asked to specify a volume location. This is where the encrypted data is going to be stored on your hard disk, so choose a location and a name that will be easy for you to remember. To specify the location, click Select File, which will open a file-browser window. Unlike with most file-browser windows, however, here you type a name into the Name field, and then a file of that name will be created for TrueCrypt to use.
The next screen asks for encryption settings; the defaults are acceptable, so click Next. After that, you’ll be asked to specify a volume size. All the files that you want to encrypt will have to fit into the volume, so make sure to allocate enough space. If you’re storing just text documents, 500MB might be enough, but if you’re storing lots of media, you’ll want several gigabytes at least.
Now you’ll be asked for a password—so pick a good one! Finally, after selecting a password, you will be able to finish the process. Follow the instructions on the final screen, and click Format.
Now that your volume is created, you can use it to store files. In TrueCrypt, click Select File, and choose the volume file you just created. Then, click a drive letter and click Mount. After you enter your password, TrueCrypt creates a virtual drive, and the rest of your computer treats it as if you had just plugged in a real hard drive. You can access it as you do any other drive: by opening the file explorer and clicking its drive letter at the left.
Drag whatever files you want to encrypt onto the virtual hard drive; when you’re done, click Dismount in TrueCrypt. The files you stored in the virtual hard drive are encrypted and stored inside your volume file. When you want to access them again, simply run TrueCrypt and mount the volume file just as you did earlier.