Lock Your Vault
There are three states of digital data: at rest, in transit, and in use. Not having adequate protection while your data is in any of these states can be dangerous. In previous blogs we discussed protecting data in transit through the use of VPNs and HTTPS. In this blog I will cover some of your options to protect your data at rest. Data at rest means the data is stored on some storage medium and is not being accessed or moving between endpoints. This medium could be your hard drive, a USB drive, or a cloud backup site. People often have the misconception that their data is safe if it never leaves their system, but this is not true. Think of it as storing treasure in a vault but leaving the door unlocked. Attackers are ready to exploit this mistaken belief and harvest all of the personal data you have stored on your hard drive or even in the cloud. To protect your data from malicious actors you will need to encrypt it. Fortunately, there are many options available to get the job done.
Storage encryption methods
- File or folder encryption is the most basic encryption option. Here, you encrypt only specific important files or folders. This can be a desirable option if you don’t have many personal documents stored on the medium or want to be able to move around a few important documents safely. Additionally, it is useful if you are sharing a computer with someone and you want to restrict access to files containing your personal information.
- Volume level encryption takes it a step further and creates a container where all files and folders added to it will be encrypted. The primary advantage is that you can encrypt large groups of files and folders at once. You can also continue to add to the volume later and everything you add will also be encrypted. The container is also easy to move around if you need to place it on another hard drive or send it to someone else.
- Full-disk encryption will encrypt your entire drive. Instead of using a measured approach like the previous methods, full-disk encryption will encrypt all of the data stored on the drive. The catch here is that it only does so while the computer is powered off. When you boot up your computer you will be prompted for the encryption key to decrypt the data. After this the data is not encrypted again until you shut the computer down again. This makes sense because you need to use the data while the computer is on, but it does leave your data vulnerable during that time. Still, it is an invaluable protection if your device is stolen. This is especially important for mobile devices such as laptops, phones, and tablets.
Encryption Software Tools
- BitLocker is Microsoft’s built-in encryption tool, which is available on Windows 10 Professional and Enterprise but not the Home version. It is primarily used for full-disk encryption, but it can also encrypt volumes and virtual drives.
- Apple utilizes FileVault 2 to provide encryption on macOS. It provides full-disk encryption but also the ability to remotely wipe your drive if it is stolen.
- VeraCrypt is third-party software that is available on Windows, macOS, and Linux. It is open source and provides both full-disk encryption and volume encryption. With VeraCrypt, you can easily create containers to encrypt files and folders. It also supports more robust encryption algorithms.
- 7-Zip is a third-party, open-source tool that is easy to use. It is primarily a file archiver, but it could be a good option if you know that you only want to encrypt specific files and folders. It is available on both Windows and Linux.
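
If you rely on BitLocker, it is worth confirming that each volume is actually encrypted and protected. The following is an added example, not part of the original post: the function name Get-BitLockerAudit is hypothetical, and it assumes an elevated PowerShell session on a Windows edition that includes the BitLocker module (Get-BitLockerVolume).

```powershell
# Added example: report the BitLocker state of every volume and flag weak spots.
# Run from an elevated PowerShell prompt.

function Get-BitLockerAudit {
    foreach ($vol in Get-BitLockerVolume) {
        # Key protector types present on this volume (e.g. Tpm, RecoveryPassword).
        $protectors = @(@($vol.KeyProtector).KeyProtectorType |
            Where-Object { $null -ne $_ })

        $findings = @()
        if ($vol.VolumeStatus -ne 'FullyEncrypted') {
            # Covers fully decrypted volumes and encryption still in progress.
            $findings += "not fully encrypted ($($vol.EncryptionPercentage)%)"
        }
        if ($vol.ProtectionStatus -ne 'On') {
            # A suspended volume is encrypted on disk but not protected.
            $findings += 'protection is off or suspended'
        }
        if ($protectors -notcontains 'RecoveryPassword') {
            # Without a recovery password, a TPM or PIN problem can lock you out.
            $findings += 'no recovery password protector'
        }

        [pscustomobject]@{
            MountPoint = $vol.MountPoint
            VolumeType = $vol.VolumeType
            Method     = $vol.EncryptionMethod
            Protectors = $protectors -join ', '
            Findings   = if ($findings) { $findings -join '; ' } else { 'OK' }
        }
    }
}

Get-BitLockerAudit | Format-Table -AutoSize -Wrap
```

Any row whose Findings column is not OK points to a volume that would be readable, or hard to recover, if the device were lost or stolen.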