UPDATED February 10, 2022 This piece has been updated to reflect the emergence of new technology
Christian Mathews Security Writer
According to Gartner, on average every 53 seconds, a laptop is stolen. And as if that’s not enough, according to statistics from Datalocker.com, 97% of laptops that are stolen are never found. The picture this paints is quite grim. So should you ditch laptops or personal computers? No, you want to know how to encrypt a hard drive.
The thing that happens to motivate laptop theft stems from the ever-growing need for personal information by most cybercriminals.
Turns out, personal information is very valuable (At least to cybercriminals)
If someone’s going to steal your personal computer, the least you can do is deny them the pleasure of easily accessing your personal information.
And that’s what we’ll be going through in this article.
You can expect to read more on:
- What does encryption mean?
- The importance of encrypting one’s hard-drive
- How to encrypt a hard-drive across major platforms: Windows, Mac OS, and Linux
- External hard-drive encryption
1What does encryption mean?
Questions like what is encryption and what is an encrypted message, usually come to mind. Encryption refers to the process of turning plain text/readable data into ciphertext.
So simply, it involves utilizing a cipher to encode or change readable data into unreadable/unintelligible data otherwise known as ciphertext.
A cipher essentially is an encryption algorithm or formula used to encode and decode data.
Once you encrypt your data, no one else can access that data without proper authentication i.e. the correct password combination, or even a biometric scan.
How does it work?
To be fully effective, an encryption system needs 3 critical components:
- The data- which is data on the hard-drive you’re encrypting
- Encryption engine- it’s made up of the encryption algorithm/formula. It is what encodes and decodes the data
- Key management
The last component, “key management” is what holds the encryption system together.
It is common knowledge all encryption systems are vulnerable to attacks, what with Snowden’s revelations on the government’s attempts at subverting security in encryption systems.
However, the problem is not with encryption systems, rather the issue lies in the implementation of encryption systems.
To elaborate this further, if your encryption system’s key management is poor, i.e. passwords or recovery keys are stored onsite, or worse, locally on the same computers; or having printed or handwritten passwords or copies of recovery keys lying around the premise, what’s to stop anyone with malicious intent from breaching your encryption system?
Similarly, the type of cipher you choose determines how secure your encrypted data is i.e. You’re better off using SHA 3 hash function as your cipher instead of MD 5 hash function which is now considered “weak”.
If you’re an average computer user, you won’t need to know all these to encrypt your hard-drive.
Most operating systems have complete encryption systems in place, and when it comes to encrypting your hard-drive, you won’t need any third-party tools and even better, it is super easy to do as you’re about to find out below.
2Importance of encrypting one’s hard-drive
Most reasons for encrypting one’s hard-drive revolve around the basic need for privacy and security of data stored in the hard-drive.
Here are the major reasons as to why you should encrypt your hard-drive:
To ensure the privacy and security of your data
The statistics above on theft of laptops are alarming, to say the least. As to whether you could be a victim, it’s up to chance.
However, it would naïve of you to think that just because you’ve set a password for your computer, data in your hard-drive is safe. The password will only apply to secure the computer. The hard-drive can be pried from your computer, and once it’s installed in another computer your data will be out there for anyone to access.
It helps prevent identity theft
This may come as a surprise, but when you think of all the data you store on your personal computer, it’s apparent how easily someone can steal your identity using your personal computer.
If you don’t want to be a victim of identity theft or some other crime resulting from the use of data on your hard-drive, you should seriously consider encrypting your hard-drive.
Ensuring the integrity of data and compliance with company or government regulations
“Protected entities” have to comply with HIPAA regulations on safeguarding Electronic Protected Health Information (EPHI).
Similarly, companies or government agencies dealing with sensitive data require all data to be encrypted.
As an individual or company, to ensure compliance with these regulations hard-drive encryption is a necessary basic measure towards ensuring the integrity and security of data.
3How to encrypt a hard drive
- On your desktop, left-click on the “This PC” icon. In older versions, this can be “My Computer”. Alternatively, you can left-click on the “File Explorer” option then on “This PC” or “My Computer”
- On the tab that opens next, identify the drive you want to encrypt. Right-click on the drive you’ve chosen, then click on the “Turn On Bitlocker” option.
- Click on the option to “Enter a Password”. Key in the password. Best security practice is to have a long password composed of letters, numbers, and special characters. Once you have the password in place, you’ll need to have a way of recovering your data should you forget your password. For this reason:
- Click on the “How to Enable Your Recovery key” option. You can then choose to either print the recovery key, save it on your Microsoft account, or even on a removable storage device.
- Click on “Encrypt Entire Drive”
- Select “New Encryption Mode”, then click on “Start Encrypting”.
Your computer may restart if you’re encrypting the boot drive.
Also, since the encryption process takes up some resources, your computer may slow down a bit.
macOS utilizes the File Vault feature to encrypt your hard-drive.
- Click on the “Apple Icon” on your desktop.
- Next, click on the “System Preferences” option then “Security and Privacy”.
- Select the “Turn On Vault” option.
You can then configure your preferences on Filevault.
At this point you can choose to:
- Enter your Apple ID when prompted, so in case you forgot your password you can log in to another device using your Apple ID to recover the password, or
- You can either print the recovery key or save it on a removable storage device
Once you complete configuring Filevault, encryption will begin.
Encryption on the Linux operating system mostly relies on Linux Unified Key Setup (LUKS) cipher.
Here’s how to go about encrypting a hard-drive on Linux
1. Begin by typing this command on the terminal
# sudo cryptsetup luksFormat /dev /sdC1 ----- then press enter.
/ dev / sdC1 – refers to the hard-drive being encrypted. This can change depending on how you name your drives
2. To complete this command, confirm by typing “YES” when prompted then press enter.
3. You’ll then be prompted to enter the passphrase/password and verify it.
Once you’ve done this, press enter.
4. Next, you’ll create a logical mapper. To do this, type this command then press enter.
#sudo crypt setup luksOpen /dev /sdc1 decrypted
Decrypted- refers to the device-mapper
5. Next, you’ll be formatting the partition
In this case, we’ll be using the mkfs system
Run this command
#sudo mkfs. Ext4 /dev /mapper /decrypted
6. Next, you’ll create a directory to be used as a mount point.
Run this command
7. Next, run the following command to mount the drive
#mount /dev /mapper /decrypted /decrypted
Once you’ve done all this, exit the terminal.
You’ll have successfully encrypted your hard-drive. The next time you log in, you’ll need a password to access data in the now encrypted hard-drive.
4External hard-drive encryption
The procedure will be the same as above.
You must however carefully note the name of the external hard-drive once you plug it in.
On the “#sudo cryptsetup luksFormat /dev /sdC1” command, replace “/dev /sdC1” with the appropriate drive.
- Plug in the external hard-drive to your Mac.
- Open Finder and locate the external drive on Finder’s sidebar.
- Right-click on the removable hard-drive, then select the “Encrypt” option.
- You’ll be prompted to enter a password. Make sure you use a strong password.
- Once you’ve done all that, click on “Encrypt”.
- Plug in the external hard-drive to your computer.
- Type “Bitlocker” on the search panel.
- Click on the option to “Open” Manage Bitlocker, in the results that come up.
- On the tab that comes up, scroll down to “removable data drives”.
- Select the drive you want to encrypt, then click on the option to “Turn on Bitlocker”.
- Select the option to “Use a password to unlock the drive”.
- Enter your password, then verify it.
- Click “Next”, where you’ll have the option of saving the recovery key on your Microsoft account, saving to a file, or printing the recovery key.
- Select the option to “Start Encrypting”
When the encryption process is over, close the tab.
Now that you know how to encrypt your hard-drive, here are a few tips to help make your encryption even harder to crack.
- Avoid using the same password you use for other online accounts to secure your hard-drive.
- The longer your password, the better. Also consider using special characters, letters, and numbers in your password.
- Change your passwords regularly.
- Never use your Personal Identifiable Information or any publicly available data on you in your password. i.e. Your kid’s or pet’s name, your date of birth, or even your social security number.
Finally, always remember that hard-drive encryption only protects against a single wave of attack (physical access), and should not be relied solely on upon as a comprehensive security solution for your data at rest, or in motion. Consider also keeping a back up and ensre you know how to backup your laptop to external hard drive.