Disk Encryption

If an employee has their laptop stolen, you could soon find its data has been extracted and then either leaked online for everyone to see or sold to the highest bidder on the dark web. Data breaches like these can cause considerable damage to your organisation’s reputation and may even leave you liable to legal consequences. This is why sensitive data such as financial information or customer data should never be stored in an unencrypted format!

Encryption refers to a process of encoding data. The data is converted from plain text into an encrypted format which is unreadable without a copy of the encryption key. Unauthorised users are prevented from reading the data even if they have access to your device. This significantly mitigates the risk posed by a lost or stolen laptop.

Most modern devices running Windows or macOS have built-in encryption programmes, namely, BitLocker for Windows and FileVault for macOS. Encryption can also be carried out at the file level (known as FLE – File Level Encryption) but encrypting at the disk level is considered the more secure option to protect an entire device.

BitLocker is included with all new versions of Windows Pro. BitLocker allows you to encrypt your entire operating system and it also allows you to encrypt individual drives on the machine.

BitLocker works in conjunction with your machine’s TPM (Trusted Platform Module). The TPM is a processor in the machine which stores the encryption key and checks that the machine accessing the data is authorised to do so. This prevents someone stealing your drive, mounting it in their machine and accessing it. Almost all windows compatible machines released since 2016 have an inbuilt TPM.

The initial encryption of your drive can take several hours, but after that, the user experience of using an encrypted machine is no different. When the computer is locked or shut down, all the protected drives are encrypted. When the user unlocks the machine with their password the TPM chip confirms that the device is authorised to access the data and the drives are decrypted. New files which are stored on protected drives will be automatically encrypted as and when they are saved.

Yes, if your business stores any sensitive data on your drives, you should encrypt them. Failure to do so leaves you open to that data being accessed by unauthorised users if the device is stolen. This can have grave consequences for your business. The ICO (Information Commissioner’s Office) has been known to levy heavy fines against organisations which have suffered data breaches due not encrypting their drives. You can read the ICO’s recommendations regarding encryption here.

Our team of cyber-defence experts can help to audit your networks to identify sensitive data and then implement BitLocker where required to protect your business-critical data. If you would like help implementing disk encryption, Carden IT Services can help you do this as part of our managed IT services and cyber-defence packages. We keep your business safe through a combination of network security, cloud security, endpoint protection, and cybersecurity expertise.