Secure Your Data: Avoiding Plaintext on Disk

TL;DR

Plaintext data on your hard drive is a security risk. This guide shows you how to encrypt sensitive files and folders, use full disk encryption, and securely delete data when it’s no longer needed.

1. Understand the Risk

If your computer is stolen or compromised, anyone with access to the hard drive can read unencrypted files. This includes personal documents, passwords, financial information, and more. Encryption turns readable data into an unreadable format without the correct key.

2. Encrypting Individual Files/Folders (Windows)

1. Using BitLocker: Right-click on the file or folder you want to encrypt.
2. Select ‘Properties’.
3. Go to the ‘General’ tab and click ‘Advanced’.
4. Check the box ‘Encrypt contents to secure data’.
5. Click ‘OK’ twice, then choose whether to back up the encryption key (recommended).

Note: BitLocker requires a compatible Windows version. If you don’t have it, see section 4 for alternative software.

3. Encrypting Individual Files/Folders (macOS)

1. Using Disk Utility: Open Disk Utility (Applications > Utilities).
2. Select ‘File’ > ‘New Image’ > ‘Image from Folder’.
3. Choose the folder you want to encrypt.
4. Set a strong password and choose AES-128 or AES-256 encryption.
5. Save the encrypted disk image (.dmg file).

You’ll need to mount this .dmg file with your password to access the files.

4. Full Disk Encryption

Full disk encryption protects everything on your hard drive, not just specific files. This is highly recommended for laptops and any device that might be stolen.

• Windows: Use BitLocker (built-in). Search for ‘BitLocker’ in the Start menu. Follow the prompts to encrypt your entire system drive. Important: Back up your data before starting, as this process can take a long time and may require reinstalling Windows if interrupted.
• macOS: FileVault (built-in). Go to System Preferences > Security & Privacy > FileVault. Turn on FileVault and follow the instructions. Important: Back up your data before starting, as this process can take a long time.

5. Securely Deleting Files

Deleting files normally doesn’t erase them completely; they remain recoverable. Secure deletion overwrites the file data multiple times to make recovery much harder.

• Windows: Use a secure delete tool like Eraser (free). Download from Eraser and configure it to overwrite files securely.
• macOS: Secure Empty Trash in Finder. Right-click the trash can icon, select ‘Secure Empty Trash’. This option may not be available on SSDs; see below.

SSDs vs HDDs: Secure deletion is less effective on Solid State Drives (SSDs) due to how they store data. For SSDs, consider using the drive manufacturer’s secure erase utility or encrypting the entire drive instead.

6. Password Management

Strong passwords are crucial for encryption. Use a password manager like Bitwarden (free and open-source) to generate and store strong, unique passwords for each encrypted file/folder and your system account.

7. Regular Backups

Always back up your data regularly, even when using encryption. If something goes wrong with the encryption process or your drive fails, you’ll need a backup to restore your files. Store backups securely – ideally encrypted as well!