“Full disk encryption” is one of those techie terms that often sees my clients’ eyes glaze over with boredom.
I cannot pretend it’s an exciting topic, but it’s an essential one for anyone who uses computers for business, and something you cannot afford to ignore.
Let me explain why:
You may well think that because your computer is password-protected, your data is safe from prying eyes? Well, it’s not.
Quite aside from the fact that both Windows and Mac passwords are easy to crack by those who know how, all anyone needs to do if they want to access your data is to remove your hard drive and insert it into a caddy or as a second drive in another PC. A few clicks, and all your files (and your customer data) is easily accessible.
This means that if a company laptop is left in the back of cab, or falls into the wrong hands for any other reason, all the information on it is there for the taking. This could land you in hot water with your clients, some of whom may actually insist that you use encryption as part of your contract with them anyway.
Full disk encryption prevents this happening. It still uses passwords, but in the absence of the correct password or encryption key, all anyone can see is garbage.
How does Full Disk Encryption Work?
Once full disk encryption is set up on your computer, everything you save is encrypted “on the fly.” You only have access to it while you are properly authenticated into your Windows or Mac OS X environment.
As soon as you switch off, the data is essentially garbled until you authenticate again. It’s still garbled if someone removes the hard drive and tried to access it from elsewhere.
Full disk encryption can have an impact on the speed and performance of your system, as some processing power is needed for the encryption process, but this is usually not noticeable on a modern computer.
What’s involved in setting up full disk encryption?
We can set up full disk encryption for you on any computer.
It’s easiest on Macs, as they all come with FileVault full drive encryption. It’s really just a question of turning it on and waiting for the process to finish.
Windows PCs can prove a little more complicated. Windows does include full disk encryption, but only in the “Ultimate” version, so a chargeable upgrade to this version is often necessary. However, sometimes we can avoid this expense if your computer manufacturer has included their own encryption software. As an example, “business” style HP laptops often include this.
Setting up encryption is easy, but the encryption process can take a very long time. If you have a lot of existing data, and a traditional hard drive rather than a faster SSD, this can mean days rather than hours! You can usually use your machine (with slightly reduced performance) while it takes place, but you’ll want to leave it powered up and in the same location while this happens.
As such, we usually recommend kicking off encryption on a Friday, so the process can complete over the weekend.
Full Disk Encryption: Other Considerations
Once your computer is encrypted, you have far more peace of mind against loss or theft, but you should also make sure your backups are encrypted too – and we can help with this.
Finally, it’s absolutely essential that you don’t lose your password and encryption key. Full disk encryption is designed so that nobody can access your data without authenticating – and that includes IT professionals AND you, if you forget your details!
Contact us now to find out more about full disk encryption.
IMAGE CREDIT: Wikimedia Commons, Flickr