Drive Encryption

Securing your data is done in layers. Usually we talk about firewalls and antimalware, but just as important in our highly mobile world is drive or disk encryption. Most mobile devices support encrypting all the data on the device, and many even come set up this way by default. The reason is that we carry so much data on our mobile devices that we need to be able to ensure its security. What about laptops and flash drives, though? Do you have client files on your laptop? Do you have a backup of QuickBooks on your flash drive? What if either of these is lost or stolen? Is the data safe?

Drive encryption, or whole disk encryption, allows you to encrypt every file on your computer or a flash drive so that a password or key is required to read those files. On a laptop there is usually a special security chip called a TPM that requires a password in order to boot up the computer. Once you enter the password you are able to access the files and the laptop boots up normally. Where having the drive encrypted comes in handy is if someone removes the hard drive from your laptop to try to get at the data directly. All the thief gets is gibberish, and the data is useless because they don’t have the key to decrypt it. The same is true if you encrypt a flash drive. Without the key or password the data is scrambled and unreadable. Encrypting these devices not only protects the data; some states also have “safe harbor” clauses in their data breach notification rules that say if you lose a device that contains client information and the device is encrypted, you are exempt from the notification requirements of the law. I would recommend checking with a legal professional to better understand your local data breach notification rules and laws.

Many of today’s modern operating systems include tools for providing whole disk and removable disk encryption. Windows 8 Pro, Windows 7 Ultimate and Enterprise, and Vista Ultimate and Enterprise include Microsoft BitLocker to provide disk encryption. Mac OS X Lion has FileVault 2 for whole disk encryption. There are also third-party tools like Symantec Drive Encryption that you can use on Windows systems that do not include BitLocker. Drive encryption is a great way to stave off the loss of data; however, if something goes wrong and you lose your key, or for some reason you get totally locked out of your system by the encryption software (yes, this can happen), having a good backup of your data is very important. If you do have data on an encrypted laptop that isn’t backed up somewhere, you should certainly start backing that data up. To keep that data safe as well, remember to encrypt your backup. Most cloud backup solutions encrypt your data both in transit and at rest on their systems. Next month I will share a tutorial on encrypting a flash drive with BitLocker on a Windows 8.1 device.
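To check the two points above on a Windows machine (is each drive actually encrypted, and is there a recovery key to fall back on if you get locked out), here is an added example that is not part of the original post. It uses the `Get-BitLockerVolume` cmdlet from the BitLocker PowerShell module on Windows 8 and later; the function name `Get-DriveEncryptionAudit` is a hypothetical name chosen for this example.

```powershell
# Added example: audit BitLocker state on every volume Windows can see.
# Run from an elevated (Administrator) PowerShell prompt.
function Get-DriveEncryptionAudit {
    foreach ($vol in Get-BitLockerVolume) {
        # Names of the key protectors on this volume (e.g. Tpm, Password, RecoveryPassword).
        $protectors = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        $findings = @()

        # A lost or stolen drive is only unreadable if it is fully encrypted...
        if ($vol.VolumeStatus.ToString() -ne 'FullyEncrypted') {
            $findings += "not fully encrypted ($($vol.VolumeStatus), $($vol.EncryptionPercentage)%)"
        }
        # ...and protection is switched on (suspended protection leaves the key exposed on disk).
        if ($vol.ProtectionStatus.ToString() -ne 'On') {
            $findings += 'protection is off or suspended'
        }
        # Without a recovery password, a lost key or a lockout means the data is gone.
        if ($protectors -notcontains 'RecoveryPassword') {
            $findings += 'no recovery password protector'
        }

        [pscustomobject]@{
            Drive      = $vol.MountPoint
            Type       = $vol.VolumeType
            Protectors = $protectors -join ', '
            Result     = if ($findings.Count -eq 0) { 'OK' } else { $findings -join '; ' }
        }
    }
}

# Show every volume, then list the ones that need attention.
$report = @(Get-DriveEncryptionAudit)
$report | Format-Table -AutoSize -Wrap

$problems = @($report | Where-Object { $_.Result -ne 'OK' })
if ($problems.Count -gt 0) {
    Write-Warning "$($problems.Count) volume(s) need attention: $($problems.Drive -join ', ')"
}
```

Plug in any flash drives you carry client data on before running it so they appear in the report, and store the recovery password somewhere other than the encrypted device itself.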
