Whether you are on your home, office, or laptop PC, security is a big deal. From making sure the kids do not see content they should not be seeing, to protecting various folders from other prying eyes, it is important to keep sensitive data safe. The way to do that is to encrypt the folders on your computer that not everyone should be viewing. There are a few different ways you can go about encrypting your folders and we will explain them shortly.
BitLocker – BitLocker is a built-in encryption tool included with Microsoft Windows from Windows 7 on. By default, it uses an AES encryption algorithm in cipher block chaining with 128-bit of 256-bit key. This is the preferred built-in method.
Encrypting File System (EFS) – An alternative method to BitLocker. However, it is not recommended for information that is very sensitive.
3rd Party Software – If you are using home editions of the Microsoft OS such as Windows 10 Home, Windows 8 Home, or Windows 7 Home, this is the only option.
As you can guess, there has been a steady increase in the number of data breaches across all industries.
Things to Know Before You Start Encrypting Items
- Always make unencrypted backups of your files, just in case you lose your passwords.
- Prioritize what you want to encrypt to help you determine what methods to use.
- Encrypted files are not 100% secure. The encryption can be bypassed by hackers. They can also put keyloggers on your computer by using malware. If your data is extremely sensitive or valuable, you should consider a paid expert service. When you are trying to protect valuable information, you get what you pay for.
- If you encrypt using the EFS method, your file can lose its encryption if you transmit it via a network or email.
How to Encrypt Files with BitLocker
Since BitLocker works by using a Trusted Platform Module (TPM) chip, you will want to make sure that your computer has one. If your entire hard drive is encrypted, anyone that wants access will have to enter the password to unlock the hard drive. Even though you can use BitLocker without a TPM chip, it requires some extra steps.
To check to see if your device has a TPM chip, please follow these steps.
- Press the Windows key and X to select Device Manager.
- From here, expand the Security Devices header.
- If you have one, it will say Trusted Platform Module along with a version number.
- If you find one and you want to encrypt items, go to Control Panel > System and Security > BitLocker Drive Encryption > turn on BitLocker.
- Enter a password or insert a USB drive and click Next.
- From here, you can choose to encrypt the entire drive or just the used portion of the drive.
- Now, you can select New Encryption Mode (for fixed drives) or Compatible Mode (for removable drives) and select Next.
- Run BitLocker system check and click Continue.
- Next, go to My PC and check for the Lock icon displayed next to the drive to make sure it is working.
How to Encrypt Files with EFS
- Right-click on the file you want to encrypt and select Properties.
- Make sure you are the computer admin and click on Advanced > Advanced Attributes > Compress or Encrypt Attributes > Encrypt contents to secure data > OK > Apply.
- Next, select Back up your file encryption key pop-up message.
- Make sure you have a USB drive plugged into your PC and click Back up now (recommended) > Next and Next again to create your certificate.
- Accept the default file format and hit Next.
- Check the password box and make sure the password is the same.
- Navigate your USB drive and name the file you want to export. It will be saved with a .PFX extension.
- Click Next > Finish > OK.
As we mentioned, if you are using a home edition of one of the operating systems and the option is grayed out for EFS, you will need to use 3rd party encryption tools. While there are a number of free software alternatives, you won’t want to trust them with anything that is extremely valuable or sensitive. Keep in mind that the FBI and NSA can require US companies to turn over encryption keys with a court order.