Users today are taking their work with them wherever they go. Whether they work from home or while traveling, they take their laptops holding your data with them. What happens if a user leaves his laptop unattended for a while? Are you confident enough that the data on that laptop won’t be compromised? Sure, you might have a password at login, but what if the thief steals the laptop and takes the hard drive out and connects it to another computer? He just gained access to your organization’s sensitive data.
So how do we prevent this threat? You can do so through encryption. Encryption is the process of garbling the data so it cannot be accessed without a key or password. It protects data from unauthorized access.
There are two types of encryption: File and Full Disk Encryption (FDE). With File Encryption, you will use a third party software (7-Zip or VeraCrypt) to encrypt files and folders. When using Full Disk Encryption you will use Microsoft’s BitLocker or another third party software to encrypt the entire hard drive and the files within it stay unencrypted. When you encrypt the entire hard drive, and the bad guy tries to plug the drive into another computer, it will stay inaccessible.
In corporate environments, Full Disk Encryption is the standard. It’s easier to manage and takes away the possibility of maliciously adding a password to files without authorization. Federal Regulations and Standards (PCI-DSS, GLBA, SOX, and HIPAA) require encryption with data at rest. Encrypting your hard drives will satisfy the “data at rest” aspect. There are many ways to perform Full Disk Encryption on the major OS platforms (Windows/MAC/Linux). In regards to the Windows platform, the popular Full Disk Encryption software is built-into right into the Operating System (BitLocker).
Encryption is a standard when it comes to Federal Regulations and is now becoming commonplace in the business sector. Though it is not 100% foolproof (it won’t secure your drive if you’re using a weak password or your computer gets infected with malware) it is still your best bet against unauthorized access or exposure of sensitive data.