All about hard drive encryption: SSO Alert Priority Low
18 August 2014
Stay Smart Online recently released advice about TrueCrypt, a popular encryption product no longer supported by its developers, which has become unsecure. Stay Smart Online advised subscribers to choose an alternative encryption program.
In addition to some of the built-in security capabilities of your computer’s operating system and the protections offered by antivirus software, there are other options you might consider to help increase security on your computer.
Your operating system controls access to your computer via logon, but it does not generally add security features such as encryption to your data. Your files are stored on your hard drive in an easily readable and accessible format.
To address this and to add extra security to their systems, many people add encryption to the information they store. Hard drive encryption works by encrypting the entire contents of your computer’s hard drive, including any programs and files, rendering it useless to anyone who doesn’t have the password. This can be extremely useful if, for example, your computer is stolen.
Hard drive encryption is different from 'file encryption’, which is a method where individual files you specify are encrypted, rather than the entire drive. If you only wanted to protect some of your files, your may prefer to investigate file encryption options.
Most hard drive encryption methods will require you to enter a password to unlock your hard drive at the same time as you logon to your computer. The hard drive is then decrypted and your computer can be used as normal.
Encryption methods and techniques vary between products and operating systems, but most options offer levels of encryption that render it impossible to crack or decrypt your drive without the password.
We have outlined some of the common options below for Windows and Apple systems. However, there are many other products that offer hard disk encryption exclusively or as part of wider feature sets. Some may be free, others low cost, and options are also offered by security vendors such as Sophos and Symantec as part of their security packages.
Installing and setting up some solutions may require technical knowledge, but many products provide all the necessary instructions.
Downsides to hard drive encryption
While hard drive encryption is extremely useful, like any technology, there may be potential downsides.
As we generally advise, anything protected by a password is only ever as secure as the password itself. You need to choose and use a strong password every time.
Another consideration is that if you forget your password, the encryption renders your drive completely inaccessible. Recovering your data in the case of a lost password or a hard drive failure may not be possible. Many products do include recovery features to address these concerns, particularly for business-grade products with centralised IT departments. You should evaluate recovery features as part of your decision.
Many hard drive encryption products require the use of a separate password to your user or computer logon. You enter this password first to decrypt your drive and then enter a second password to access your computer (your normal user logon). This needs to be done each time you turn your computer on; something you may find frustrating.
Hard drive encryption can also affect the time taken for your computer to read and write files. In practice, this is imperceptible but, if you use your computer for high end computation such as scientific computing or gaming, you may notice a difference.
Finally, encrypting your hard drive is only really effective when you are not using your computer. Most of the time when you are using your computer (your drive will be unencrypted) it will not be protected by this method, so you will need to rely on your other security systems and practices.
Hard drive encryption for Windows
Microsoft has recently released a hard drive encryption program called Bitlocker, which is available for higher end versions of Windows (both versions 7 and 8). Windows 8.1 includes built in hard drive encryption.
Windows 7: Bitlocker is available for the Ultimate and Enterprise versions of Windows 7. Microsoft provides instructions for installing and using Bitlocker for Windows 7 at this page.
Windows 8: Bitlocker is available for the Pro and Enterprise versions of Windows 8. Microsoft provides instructions for installing and using Bitlocker for Windows 8 at this page.
Windows 8.1: In addition to Bitlocker, another option, called Pervasive Device Encryption is available by default on all new Windows 8.1 installations. Computers that have been upgraded from previous versions of Windows to 8.1 will not have this installed by default, but it can be enabled using the information at this page.
If you do not have one of these versions of Windows, you cannot install Bitlocker, but there are many other suitable alternatives. Research the products online and, before you install one, ensure it is reputable, up to date, supported and includes any additional features you require.
Hard drive encryption for Apple OS X
Apple OS X computers, including Macs and laptops, include a program called FileVault.
OS X Lion and above: FileVault 2 was introduced in OS X “Lion” (version 10.7) and includes the option of hard disk encryption. This is available on OS X Lion and later. Instructions for installing FileVault 2 are available on Apple’s website.
Older versions of Apple OS X do not include FileVault 2. Earlier versions of FileVault did not offer full hard disk encryption. You should upgrade your system or seek an alternative product.
A long list of hard drive encryption programs is available at Wikipedia.
The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.
Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.
This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.