What is Encryption
Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. You can encrypt a single document or folder, groups of files or the hard disk drive itself.
What does disk encryption guard against?
Securing your computer with a windows password is not enough to ensure the security of your data. An attacker with physical access to your computer can simply boot to a new operating system from a USB stick which will bypass your password. They could also remove your hard disk and put it in a different Computer to gain access.
Encrypting your disk will protect you and your data in case your device falls into the wrong hands, whether it’s because you accidentally left it somewhere or it’s been stolen from your home, car, or even your own office.
There’s a common misconception that encrypting your hard disk makes your device completely secure, but this isn’t entirely true. In fact, disk encryption is only useful against attackers that have physical access to your device. It doesn’t make your device any harder to attack over a network. All of the common ways people get hacked still apply; attackers can still trick you into installing malware. You can still visit malicious websites that exploit bugs in your web browser or operating system, and so on.
How Disk Encryption Works
Most disk encryptions work like this: when you first power your device on, before your operating system can even boot up, you must unlock your disk by supplying the correct encryption key ie password. The files that make up your operating system are on your encrypted disk, so there’s no way for your computer to work with them until the disk is unlocked.
In most cases, typing your passphrase doesn’t unlock the whole disk, it unlocks an encryption key, which in turn unlocks everything on the disk. This allows you to change your passphrase without having to re-encrypt your disk with a new key, and also makes it possible to have multiple passphrases that can unlock the disk, for example, if you add another user account to your laptop.
This means that your disk encryption passphrase is potentially one of the weakest security links. If your passphrase is “letmein,” a competent attacker will get past your disk encryption immediately. But if you use a properly generated high-entropy passphrase like “9angryBOATgreek9”, it’s likely that no attacker would be able to access it.
What Encryption Software to use
BitLocker is the most well-known encryption product out there, it is Microsoft's own product and was introduced with Windows Vista back in 2007. If you are using an "enterprise" or "ultimate" version of windows vista or later, then you already have Bitlocker at your disposal. BitLocker is customizable, you can have it unlock the drive by a PIN or a password. Other more expensive options exist in the way of enterprise class encryption from vendors such as Mcafee and Symantec. It is worth mentioning, however, that most modern laptops also have hard drive locking mechanisms built into the BIOS which can be enabled easily eg HP Drivelock. These solutions only encrypt parts of the disk, but would create a significant barrier against all but the best equipped attackers.
Even with full disk encryption enabled on your laptops and other mobile devices, it is imperative to employ the correct strategy when disposing of your data securely. Please speak to us and find out how we can help.