If you have never dealt with data encryption, it can be intimidating.
What is encryption, you will ask? Simply put, it’s converting data into code to protect it.
The generic process goes like this:
First, encryption:
- Select data to be hidden
- Assign password
- Transform data with a cryptographic key
And decryption:
- Select data to be revealed
- Enter password
- Transform data into usable text
There are three basic methods to encrypt data:
- Encrypt on a file-by-file basis
- Encrypt a container (defined portion of a drive)
- Whole drive (Full disk) encryption
The first method is pretty straightforward. I don’t really like it because it is not automatic. You have to remember to encrypt the files as they are created on your drive. It usually can be automated with scripts (batch files) but it is a little more involved. If for whatever reason you prefer the file-by-file method (you only have a few sensitive files to protect), go with the encryption software called AxCrypt. Simple, free, open-source (no backdoor), THE reference in its field.
I like the second method more. What is a container, you will ask? A container is a large empty file that you create, with the encryption software, and inside of which you will add/save the files to be encrypted. And as you add (or save) the files inside the container, they are automatically encrypted. Think of it as a folder, but a folder that has a predefined size. Example: a 100 MB folder (container) inside of which you save five files weighing 25 MB total. Once the container is created, its size usually cannot be modified. So think ahead on the purpose of each container you create.
Once the container is created, you select the container you want to mount (it will become a virtual drive), you enter the password, and the drive is mounted by the encryption software. What’s that mounting thing? It means the container will appear with its own drive letter in your file manager. From there you use it just as you would use any other drive (d: drive, f: drive, whatever: drive!). It is so like any other drive that it is even suggested that you defrag the drive (for Windows users) if you use it a lot.
The king software in the category is TrueCrypt. Again it’s simple, free, open-source (no backdoor), THE reference in its field.
The final method is whole drive encryption. Really, it’s like a container except the whole partition/disk is encrypted. Even the drive/partition on which the whole operating system resides can be encrypted. That’s useful if you really don’t want anyone looking at any part of your system. The only drawback: if something goes wrong, you lose not only the files you wanted to protect but also the whole operating system. So far, I have never had any incident in 4 years of daily usage.
I suggest you use the whole disk encryption method in conjunction with the container method described above. This gives you more flexibility to have access, or not, to the data you want to scramble. That way you can start the operating system but you can leave your data encrypted. As well, it gives you the option, for backup purposes, to back up only the container (only one file to transfer).
Personally, for my backups, I mount my container on my primary drive, mount another container on the external drive and execute a standard backup with software like Cobian Backup, SyncBack Freeware, or Karen’s Replicator (my favorite!). Why do I do that? In general, it’s easier to transfer smaller, individual files than a large, multi-gigabyte container. It allows for a faster backup as only your new/modified files are transferred. If you back up the whole container, you will have to transfer the whole container anytime the smallest change is made to any file in the container. Not so fast if you have a large multi-gigabyte container.
Here again, the king software for full disk encryption is TrueCrypt.
Remember, when a container or a drive is mounted, its content is in the clear! If you leave your computer turned on, you have to unmount your volume to make sure nobody can read its contents, or simply shut down your computer (the container or drive automatically dismounts when the computer is off).
Final note: never, ever trust any closed-source software. Closed source means the code cannot be reviewed and analyzed to discover any potential backdoor. Stay especially far from Microsoft products, as the pigopolist works hand-in-hand with the NSA.