Encryption is a difficult concept to grasp, but it’s a necessary part of protecting your business’s sensitive data. At a basic level, encryption is the process of scrambling text (called ciphertext) to render it unreadable to unauthorized users. You can encrypt individual files, folders, volumes or entire disks within a computer, as well as USB flash drives and files stored in the cloud.
Why is encryption important?
The purpose of file and disk encryption is to protect data stored on a computer or network storage system. All organizations, including small to midsize businesses (SMBs), that collect personally identifiable information like names, birth dates, financial information and the like, must secure that information.
If a laptop is lost or stolen and the files or disk isn’t encrypted, a thief can easily steal the information. He or she doesn’t even need to know the sign-on password to access the files – it’s easy to boot a computer from a USB thumb drive and then access the disks within the computer.
Disk encryption doesn’t protect a computer entirely. A hacker can still access the computer over an insecure network connection, or a user can click a malicious link in an email and infect the computer with malware that steals usernames and passwords. Those types of attacks require additional security controls, like anti-malware software, firewalls, awareness training and so on. However, encrypting a computer’s files or the entire disk greatly reduces the risk of data theft.
Types of computer encryption
Individual file and folder encryption does just that — it encrypts only specific items that you tell it to. This method is acceptable if relatively few business documents are stored on a computer, and it’s better than no encryption at all.
One step up is volume encryption, which creates a container of sorts that’s fully encrypted. All files and folders created in or saved to that container are encrypted.
Full-disk or whole-disk encryption is the most complete form of computer encryption. It’s transparent to users and doesn’t require them to save files to a special place on the disk – all files, folders and volumes are encrypted.
With full-disk encryption, you must provide an encryption passcode or have the computer read an encryption key (a random string of letters and numbers) from a USB device, when powering on your computer. This action “unlocks” the files so you can use them normally.
Best practices for computer encryption
Before enabling encryption on your computer, back up your data files. You should also ensure that you have the operating system’s installation media and create an emergency boot disk on removable media.
keep your computer backed up regularly. An encrypted disk that crashes or becomes corrupt can result in files being lost forever. If you have a current backup, you can be up and running quickly.
When creating a passcode or PIN, use random numbers and/or letters, and memorize it. The longer and more complex the better, but not so complex that you can’t remember it.
Keep a written copy of your PIN or passcode, and your encryption key (if separate), in a safe place, in case you forget them. If you enable full-disk encryption and forget your passcode, you won’t be able to access your computer, and neither can anyone else, including IT Support or even a data recovery service.
If you would like your computers to be encrypted then don’t hesitate to contact us today on –