Three steps to properly protect your personal data

Even encryption can give you a false sense of security. Here's a layered approach to truly keep your data private.

By Brandon Gregg

February 01, 2012CSO

With groups like Anonymous actively looking to embarrass your company, laptops thefts occurring every second, and the recent poor US District Court ruling on fifth amendment password protection rights, it is time you actually encrypt your data properly.

Your Windows login password is not encrypting your computer (surprise!). Full-disk encryption (used by very few people) is a good step, but by itself it still will not completely protect your data from prying eyes, overzealous governments, or your own mistake of leaving your company's crown jewels at the local coffee shop.

More in the Investigator's Toolkit:

Instead—as with many successful security designs—you can set up a layered approach to protecting your data with encryption. It's fairly easy, quick, and free.

To create a more complete protection scheme, I am going to walk you through three steps to build this layered security approach:

  1. install FDE (or turn it on) and encrypt your files,
  2. create an encrypted hidden volume to prevent any government or person from forcing you to turn over your personal data,
  3. and create a tracking capability in the event your computer is stolen or lost.


Step one: Install full-disk encryption

The key to proper encryption is not just the encryption itself, but also protecting the right data. This is why full-disk encryption (FDE) is a popular starting place for many users. You can purchase hard drives with built-in FDE or use software tools like Windows Bitlocker. In either case, your computer can be locked down as soon as it shuts off. If your laptop is stolen, or sold on eBay years later without a proper disk wipe, or even if it finds its way in the government's hands, it will be useless without a password.

RESOURCE CENTER