Disk Encryption

If your computer(s) contain sensitive information that could be exploited if lost or stolen, it is highly recommended to use some type of disk encryption. My preferred program is TrueCrypt, which is free for personal and commercial use. Though I was quick to point out that TrueCrypt is free, this is not why it is my favorite. TrueCrypt is popular with me and a lot of other people because of its wide range of features and its reliability. TrueCrypt most likely has the feature you need and it will not fail and cause the loss of all your data. This last part is extremely important because there is little to no chance of data recovery if data is encrypted and the key is corrupted or not known.

Here is a list of the features offered by TrueCrypt:

  • Creates a virtual encrypted disk within a file and mounts it as a real disk.
  • Encrypts an entire partition or storage device such as USB flash drive or hard drive.
  • Encrypts a partition or drive where Windows is installed (pre-boot authentication).
  • Encryption is automatic, real-time (on-the-fly) and transparent.
  • Parallelization and pipelining allow data to be read and written as fast as if the drive was not encrypted.
  • Encryption can be hardware-accelerated on modern processors.
  • Provides plausible deniability, in case an adversary forces you to reveal the password (hidden volume (steganography) and hidden operating system).

If you have read this far but are still wondering what encryption is, Wikipedia describes it as a technology that protects information by converting it into unreadable code that cannot be deciphered easily by unauthorized people. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume. Disk encryption prevents unauthorized access to data storage.

If you think this sounds too complicated and you can just password protect Microsoft Word documents, that is not a solution. Techniques like that are often easily defeated. If you think file encryption offered by Windows (EFS, not BitLocker) is secure, you are wrong. Many forensic programs will easily decrypt these types of files in a few seconds.

What type of encryption do you need? This can be difficult to recommend and it depends on what you store on your computer or whether it is at risk of theft. You may not need any disk encryption if a computer is kept in a secure facility that is protected 24 hours a day, such as a server. You should use some type of encryption on a computer that does not leave the premises, but is at risk of theft. Partial encryption could be used, such as on just a partition or secondary hard drive. Laptops that are taken off-site by employees should use full disk encryption. External hard drives or flash drives should use full disk encryption if they will contain sensitive data. To ensure these external drives can be read on any of the computers in a business, all should have TrueCrypt installed. Since TrueCrypt is easy to install, all employees could install it on their home computers.

If you do not use encryption, how will you feel if you have to call a client and inform them you lost their information? California state law requires notification to anyone whose personal identifying information is lost or stolen. You still need to notify people even if encrypted data is lost or stolen, but you will be able to explain it was protected with encryption. This data should be safe if you use a strong password. Even strong passwords may be eventually defeated, but the computing power and time needed may rule out most people or even countries.

If you want to get started, the TrueCrypt website has the installer download and tutorials to walk you through the various types of configurations. Please consider a donation if you use TrueCrypt and are pleased with the product.