Encrypt Data on a Windows PC

Whether you’re a business or a home user, you want to keep your data safe. Encryption adds an extra layer of protection to the data on your hard drive by scrambling it and rendering it inaccessible without the correct decryption key.

Encryption can be a difficult concept to get your head around. In short, encryption is any process that takes data and encodes it in such a way that only authorised parties can gain access to it, and anyone who isn’t authorised can’t. When you encrypt data, it is translated into another form, and is only able to be reassembled by someone who has access to the unique decryption key. Encrypted data is known as ciphertext, while unencrypted data is referred to as plaintext. You can encrypt anything, from individual files, to folders, to whole drives.

So who actually needs to go to the trouble of encrypting their data? If you’re a business, encryption should be a part of your basic IT and data storage strategy. Although your computers and laptops will be password protected, this is just superficial; anyone with basis data recovery knowledge will be able to steal your data is they have physical access to the storage device. Operating system passwords don’t encrypt your data, so it will be stored on your hard drive in its complete form and can easily be read by another machine. If you’re just a home user, encryption might not be as big a priority, but you should still consider it.

There are essentially three levels of encryption – individual file and folder, volume, and whole disk. With individual file and folder encryption, only selected items are encrypted. Volume encryption goes further, encrypting files within a container. Whole-disk encryption is the most complete form of encryption, with all data on the drive encrypted. You’ll need to present the encryption key every time you boot up your machine, either by entering the decryption key manually or reading the key from a USB flash drive. Encryption is now included on Mac and Linux operating systems as standard. On Windows machines, however, it depends on the version of Windows 7, 8 or 10 you’re using.

BitLocker is included as standard with Microsoft Windows 7 Enterprise and Ultimate Editions, as well as the Enterprise and Pro versions of Windows 8 and Windows 10. To enable BitLocker in any of these versions of Windows, open the Control Panel, click “System and Security”, and then “BitLocker Drive Encryption”. Next, click “Turn on BitLocker”. You’ll then be asked how you want to unlock your drive upon startup – you can enter a password or insert a USB flash drive. If you select the password option, enter your password, and you’ll be given a choice of how to save a recovery key in case you forget it. You can save it to your Microsoft account in the cloud, save it to a USB flash drive, save it to a file, or print a physical copy of it off. Select the option most convenient for you, and click “Next”. Then you need to select the encryption option that you want – “used disk space” or “entire drive”. The former is faster and better for new machines and drives, while the latter is better for machines and drives that are already in use, although it is much slower. Click “Next”, and you’ll get a choice of two options – “new encryption mode” or “compatible mode”. If you’re keeping the drive in your machine, choose the former. If you’re moving the drive between multiple machines, choose the latter. Check “run BitLocker system check” and press “Continue”. Restart your computer to begin the encryption process. Upon booting up, you’ll be asked for your encryption key. To verify the encryption has been a success, take a look at the C-Drive icon in File Explorer – it should have a lock symbol on it.

Data Recovery