A discreetly tucked-away folder that contains your résumé, your tax returns, and other important files may be convenient for you, but it’s also a gold mine for online crooks who steal and sell digital data on a thriving black market.
Even though encrypting data unquestionably helps protect it from thieves, many users in the past felt that using encryption programs wasn’t worth the trouble. But times change: In the second half of 2007, thefts of laptops, hard drives, and computer accounted for 57 percent of sensitive data losses reported by companies, according to Symantec.
Luckily, as data theft has become more common, encryption has gotten easier to use. An array of options today–both free and paid–can keep your information safe even if someone walks off with your laptop or breaks into your PC.
Full-disk encryption protects everything on a hard drive–even if the drive departs in someone else’s pocket.
BitLocker, a utility built in to Vista Enterprise and Vista Ultimate, provides such protection. You’ll find it in the Windows Security Control Panel.
Other Windows users–and Mac and Linux aficionados–have options as well. TrueCrypt is a free, easy-to-use open-source encryption product maintained by an active development community. If you feel more comfortable working with commercially supported, full-featured software, consider PGP Desktop ($99).For encrypting USB thumb drives, Windows users can nab the free Rohos Mini Drive download.
File encryption protects only the files and folders you specify, of course. Typically you’ll set up a folder or virtual drive to encrypt any files saved inside it automatically; as long as you haven’t left the relevant folder or files open,the person won’t be able to access the protected data. In contrast, if you set up your PC with full disk encryption enabled, you have no protection once you log in and unlock the drive.
File encryption can also protect against doh! moments such as accidentally sharing more than you meant to with a misconfigured file-sharing program, for example. The drawback, compared with full-disk protection, is that if you unthinkingly save a sensitive file outside an encrypted folder, it’s fair game. If you want maximum protection, you can use both full-disk and file encryption on the same drive.
Setting It All Up
To set up up file or folder encryption with a program like TrueCrypt or PGP Desktop, first open the program and elect to create a virtual disk (which gets its own drive letter in Explorer) or an encrypted folder. You’ll have to choose a good password and a type of encryption (the default is usually fine).
After creating the virtual drive or folder, you can access it whenever you want: Simply double-click it, supply the password, and save data to it as if it were any other drive folder.
Mac OS X users can use the built-in FileVault to encrypt the home directory through the Security component of System Preferences. In addition, FileVault can also create encrypted virtual disks (which can be moved to a USB key or other storage device) via the Mac’s Disk Utility.
BitLocker doesn’t allow file encryption; but a file encrypted with third-party software in one operating system can be decrypted in others–convenient if your workplace runs multiple OSs.
E-mail encryption isn’t widely used outside specific industries. It involves an extra key-exchange step with recipients. Both PGP and the open-source Gnu Privacy Guard project can handle e-mail encryption.
No Slowdown, But Drawbacks
A fast computer today can handle encryption and decryption processing without suffering a noticeable slowdown. But protecting data with encryption does require you to remember yet another crucial password, and losing the key is like losing the combination to an unbreakable safe: You may never recover the encrypted data.
Another vulnerability arises if you copy or save unencrypted files to a USB drive or other backup media, and you don’t encrypt your backup drive.
“A lot of us have drives beyond the computer,” says John Dasher, a marketing director for encryption firm PGP. “It doesn’t make much sense to encrypt your main drive, if all your important files are sitting on a USB thumb drive sitting in your desk drawer.”
Finally, even the best encryption system doesn’t protect against all data-theft threats. If an online intruder infects your PC with a keylogger, the malware can steal online banking data and passwords as you type, or even capture and transmit screen shots, regardless of how that data is saved or sent (though it wouldn’t be able to get to your encrypted files without that password). Use a good antivirus program and keep all of your software–not just your OS–up-to-date to protect against malware threats.
Robert Lemos is a freelance technology and science journalist and acts as managing editor for SecurityFocus.com, a security news and information site.