Encrypting your devices is one of the best ways to protect your data and privacy. Encryption converts data into an unreadable format that can only be decrypted with a special key. This prevents unauthorized access to your information if your device is lost, stolen, or hacked.
There are several types of encryption you can implement to safeguard various devices:
Table of Contents
Full Disk Encryption
Full disk encryption (FDE) encrypts the entire hard drive on a device. This protects all data stored on the drive if the device itself is compromised.
FDE is available on Windows, macOS, Linux, iOS, and Android. On Windows, BitLocker provides full disk encryption. On macOS, FileVault 2 enables FDE. Android 9 and later supports file-based encryption, which is similar to full disk encryption.
To enable FDE:
- On Windows, turn on BitLocker through Control Panel > BitLocker Drive Encryption
- On macOS, turn on FileVault through System Preferences > Security & Privacy > FileVault
- On Android 9+, enable file-based encryption in Settings > Security > Encryption & Credentials
Be sure to store the encryption key or recovery key in a safe place, separate from your device. This allows you to unlock the encryption if needed.
Removable Media Encryption
Encrypting removable media like USB drives prevents data theft if a drive is lost or stolen.
On Windows, BitLocker To Go provides portable drive encryption. On macOS, you can create encrypted disk images to protect removable storage devices. Third party tools like VeraCrypt also enable portable encryption.
To encrypt a USB drive:
- On Windows, use BitLocker To Go to enable encryption directly on the drive
- On macOS, create an encrypted disk image using Disk Utility and store files within it on the USB drive
Be sure to eject and properly disconnect encrypted drives before removing them to prevent data loss.
Mobile Device Encryption
Encrypting data on mobile devices like smartphones and tablets prevents unauthorized access from device theft or hacking.
On iOS:
- Turn on encryption in Settings > Touch ID & Passcode
- Set a secure alphanumeric passcode
On Android:
- Go to Settings > Security > Encryption & credentials
- Select encrypt device to enable file-based encryption
Encrypted devices require you to enter your passcode when powering on the device.
Email Encryption
Email encryption transforms messages into cyphertext that can only be decrypted by the intended recipient. This prevents email interception and protects sensitive data sent via email.
Popular email encryption options include:
- Using PGP (Pretty Good Privacy) or GPG (GNU Privacy Guard) to encrypt email content
- Enabling TLS (Transport Layer Security) encryption in email clients
- Using end-to-end encrypted email providers like ProtonMail
To encrypt email:
- Install a PGP/GPG plugin in your email client e.g. Thunderbird + Enigmail
- Enable TLS encryption in account settings
- Create an account with an encrypted email provider
Share the public key with contacts you exchange encrypted emails with.
Securing Encryption Keys
The encryption keys themselves must be properly secured, otherwise encrypted data can still be compromised.
Best practices for storing encryption keys include:
- Keep keys separate from encrypted devices
- Use a password manager or hardware security key to store keys
- Enable two-factor authentication for access
- Store keys in cloud key management platforms like AWS CloudHSM
Only share keys with trusted contacts when absolutely necessary.
Conclusion
Implementing device encryption provides an added layer of security for your data and privacy. Encrypting your hard drive, external media, mobile devices, email, and properly securing keys ensures 360-degree protection from unauthorized access. Be sure to use long and complex alphanumeric passcodes to lock encrypted devices and storage locations containing encryption keys.
