File and Folder Encryption
Encryption is often used to protect data. Encryption is where data is transformed using a complicated algorithm to make it unreadable. A special key must be used to return the unreadable information back into readable data. Software programs are used to encrypt files, folders, and even entire drives.
Encrypting File System (EFS) is a Windows feature that can encrypt data. EFS is directly linked to a specific user account. Only the user that encrypted the data will be able to access it after it has been encrypted using EFS. To encrypt data using EFS in all Windows versions, follow these steps:
Step 1. Select one or more files or folders.
Step 2. Right-click the selected data >Properties.
Step 3. Click Advanced…
Step 4. Select the Encrypt contents to secure data check box and click OK. Windows will display an informational message stating that it is applying attributes.
Step 5. Files and folders that have been encrypted with EFS are displayed in green, as shown in the figure.
The image shows a Windows File Explorer window with encrypted files and folders that have been encrypted with EFS are displayed in green.
Windows BitLocker and BitLocker To Go
You can also choose to encrypt an entire hard drive using a feature called BitLocker. To use BitLocker, at least two volumes must be present on a hard disk. A system volume is left unencrypted and must be at least 100 MB. This volume holds the files required by Windows to boot.
Note: BitLocker is built into the Windows Enterprise editions, Windows 7 Ultimate, Windows 8 Pro, and Windows 10 Professional.
Before using BitLocker, the Trusted Platform Module (TPM) must be enabled in BIOS. The TPM is a specialized chip installed on the motherboard. The TPM stores information specific to the host computer, such as encryption keys, digital certificates, and passwords. Applications, like BitLocker, that use encryption can make use of the TPM chip. Figure 1 lists the steps to enable TPM on a Lenovo laptop.
To turn on BitLocker full disk encryption in all versions of Windows, follow the steps listed in Figure 2.
Once the steps are completed, the Encryption in Progress status bar is displayed. After the computer reboots, you can verify BitLocker is active as shown in Figure 3. You can click TPM Administration to view the TPM details, as shown in Figure 4.
BitLocker encryption can also be used with removable drives by using BitLocker To Go. BitLocker To Go does not use a TPM chip, but still provides encryption for the data and requires a password.
The page has four figures. Figure 1: Lists the 5 steps to enabling TPM. Step 1. Start the computer, and enter the BIOS configuration. Step 2. Look for the TPM option within the BIOS configuration screens. Consult the manual for your motherboard to locate the correct screen. Step 3. Choose Enable or Activate the security chip. Step 4. Save the changes to the BIOS configuration. Step 5. Reboot the computer. Figure 2: Steps to Enabling BitLocker. Step 1.Click Control Panel > BitLocker Drive Encryption. Step 2. On the BitLocker Drive Encryption page, click Turn On BitLocker on the operating system volume. (If TPM is not initialized, follow the instructions provided by the wizard to initialize the TPM). Step 3. The Save the recovery password page enables you to save the password to a USB drive, to a network drive or other location, or print the password. After saving the recovery password, click Next. Step 4.On the Encrypt the selected disk volume page, select the Run BitLocker System Check check box and click Continue. Step 5. Click Restart Now. Figure 3: Shows the BitLocker Drive Encryption window verifying that BitLocker is on. The BitLocker Drive Encryption window can be reached from the System and Security category view in the Control Panel. Figure 4: From the BitLocker Drive Encryption window you can click TPM Administration to view details.