The New Oil

The New Oil logo
Protection: Device Encryption

Protection: Device Encryption

Encrypting phones is easy. Both Android and iOS are automatically encrypted if you assign a lock PIN, pattern, or other form of authentication. I recommended enabling this feature earlier. Encrypting desktops and laptops takes a little more effort. I recommend putting priority on encrypting devices that are easily portable. Phones should be encrypted as they get lost and stolen often and contain sensitive information (though if you followed my advice there should be less sensitive data on your phone than most people). Next are laptops, even if you don’t ever take them off your desk or out of the house. It’s easy for a thief to pick one up and take off with it, so they should be encrypted. The same logic goes for external harddrives, thumb drives, and and other similar devices. Finally, desktop computers. Encryption is free, so I recommend encrypting everything you can, just be careful not to forget your password and to keep diligent backups.

Mac devices come with a proprietary encryption program called FileVault. This is relatively secure and easy, so it should work for most people. Some Windows devices also come with an easy-to-use proprietary service called “BitLocker” that should work for those who have it. Most Linux distributions also offer the chance to full-disk encrypt your device with LUKS during installation, as well. If you have a Windows device without BitLocker, or if you don’t want to use a proprietary encryption software (or LUKS), then I recommend VeraCrypt. Veracrypt is a free, open source software that allows various forms of encryption. For most of my readers and in most cases, use “full disk encryption,” meaning that the entire device is encrypted completely.

Using Veracrypt

In this paragraph I’ll talk you through how to encrypt an external device using Veracraypt. To encrypt an external device, run Veracrypt. Go to the “Volume Creation Wizard” under the Tools menu, and select

“Encrypt a non-system partition/drive”. Encrypt

Pick “Standard VeraCrypt Volume”. Standard

Then “Create encrypted volume and format it”.

Note: this will wipe all the data already on your drive, so I recommend only using this with a fresh, empty drive. Create

Finally, make sure the algorithsm are set to AES and SHA-512 AES and SHA-512

Select a good password on the next screen and pick your file system format. If you’re only using Windows systems, NTFS is the best choice. If you plan to switch between various operating systems like Mac or Linux, then exFAT is is the better choice. After making this choice, simply continue on and follow the prompts accordingly.

Note: while installing Veracrypt, you will be asked to create a “recovery USB.” I highly encourage you to do so and to store it somewhere safe. Even something as simple as a routine update has the potential to go wrong and the only way to recover your data will be to decrypt the drive using this USB.