Why You Should Encrypt Your Entire Laptop

Updated on August 10, 2014

If you have a laptop and you take it out of the house with you, it is a good idea to have the entire hard disk encrypted. This article explains why, and what software you can get to do this for you.

Most people have laptops rather than desktops these days, which makes them easier to lose or have stolen. How easy is it for someone to snatch your laptop from your table at a cafe?

Losing the hardware is not as big of a problem as losing the sensitive information contained on the laptop. The hardware is a thousand dollars lost, but it can be replaced. The problem is the personal and sensitive information that the thief stole.

Your laptop may contain sensitive information such as banking, health, and personally identifiable information, passwords, patient information, etc. This is a much bigger problem than losing a thousand dollars, because in some cases you may be required to report the data breach. And you or your employer may need to notify customers of this breach.

Okay, you really should not have customer credit card information on the disk of a laptop in the first place. But anyways, this is just a scenario of what people could have done.

While it is true that some thieves only care about reselling the laptop and not about your information, you never know. There could be identity thieves and hackers who want access to the file where you wrote down all your bank passwords. Yes, people do write their online bank passwords in a file on their laptop. Otherwise, how else are you gonna remember all those passwords?

If you are going to write passwords in a file on a laptop, you should encrypt the file and store a backup elsewhere, in addition to the full disk encryption that I'm going to talk about. I'll explain in a later section.

What if my laptop is password protected?

Having a password to log onto your laptop is not good enough. The thief doesn't even have to crack your logon password (even though there is software that helps do that). Instead, it would be easier to just unscrew your hard disk and have a disk reader and some software read the bits right off the surface of the disk. It can even read your previously deleted files.

But what if I just encrypt my sensitive file (such as that file that contains all the passwords to online banking)? That's better but still not good enough. You still need to encrypt the entire disk, because the operating system sometimes writes temporary copies of your files, browsers can write information to caches, etc. And hackers know how to harvest the information from those.

How Does Full Disk Encryption Work?

With full disk encryption, anything written to the hard disk is encrypted. This means that temporary swap files and hidden files used by the operating system are also encrypted. Files are encrypted and decrypted transparently in real time as they are written to and read from the disk. The user does not have to manually encrypt and decrypt files. The software handles all that, so the user's workflow is not affected.

eSecurityPlanet.com has a good article that explains this. While Full Disk Encryption is pretty good protection, no system is 100% secure, and the article goes into some of the possible attack vectors even on a fully encrypted disk.

Before you do a full-disk encryption

Now that I have convinced you of the benefit of full disk encryption, before you jump in there are a few things you have to keep in mind. Don't blame me if you don't take these precautions and something goes wrong. It is possible that you can lose everything on your laptop. Not even the people at Geek Squad or other disk recovery specialists can retrieve your data. After all, this is the point of full-disk encryption -- no one in theory is supposed to be able to get the data.

1. Depending on your encryption scheme, if you forget the password to access your laptop (and possibly another separate password to decrypt), or lose a removable token on a thumb drive, you may never be able to get into the data contained in your laptop ever again.

2. Let's say you are not going to forget your main password. But hardware and software can fail. The software that initially encrypts the entire disk will take many hours, maybe a day, to encrypt the whole disk. While rare, hardware can fail and something can go wrong during that time. It is possible that things get partially encrypted and you are no longer able to get access to the information in the laptop again. That is why you need to do a full backup of your stuff before doing the full disk encryption.

That is why I mentioned that if you have important documents that you cannot afford to lose (like that file that contains all your passwords), you have to store them in another location, like a cloud backup or a safe deposit box; it is up to you. But the backup needs to be encrypted by itself when you store it in the cloud. So you encrypt that backup file using something like a 7-zip archive with a password. Or some full-disk encryption software comes with a feature to create an encrypted archive.

3. There may be a slight performance degradation when you have your full disk encrypted, because now the system has to decrypt and encrypt files every time you access the disk. The typical casual user is not likely to notice the performance difference. This only applies to people using disk-intensive software such as high-performance gaming or video processing.

Full Disk Encryption Software

The article on Time writes of a case of a stolen laptop back in 2010. While lots of things in the article are still true, its recommendation of the free and open-source TrueCrypt is outdated. TrueCrypt is NOT recommended anymore, because its site says:

"WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues".

Encryption software is complicated to write and needs continual support and security fixes. You really should go with commercial software that is backed and produced by a large software company that has teams of engineers. This is not a time to go with free software or skimp on cost.

If you are on a Windows machine that comes with Microsoft's BitLocker, you can use that. Or if not, you can purchase Symantec's Drive Encryption (also known as Symantec's Endpoint Encryption).

See Wikipedia for a comparison of various full disk encryption software.
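
If you go the BitLocker route, the following added example (not part of the original article) checks each volume for three things: that the initial encryption pass has finished, that protection is switched on, and that a recovery password exists in case the main password or token is lost. It assumes an elevated PowerShell prompt on a Windows edition that includes the BitLocker module; the function name `Test-VolumeProtected` is made up for this example.

```powershell
# Added example: audit BitLocker state with the built-in Get-BitLockerVolume cmdlet.
# Test-VolumeProtected is a hypothetical helper name, not a Microsoft cmdlet.

function Test-VolumeProtected {
    param([Parameter(Mandatory)] $Volume)

    $issues = @()

    # A volume that is still encrypting (or was never encrypted) is not protected yet.
    if ([string]$Volume.VolumeStatus -ne 'FullyEncrypted') {
        $issues += "status is $($Volume.VolumeStatus) ($($Volume.EncryptionPercentage)% encrypted)"
    }

    # Protection can be suspended (Off) even when every sector is encrypted.
    if ([string]$Volume.ProtectionStatus -ne 'On') {
        $issues += "protection is $($Volume.ProtectionStatus)"
    }

    # Without a recovery password, a forgotten password or lost USB key
    # leaves no way back into the data.
    $types = @($Volume.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
    if ($types -notcontains 'RecoveryPassword') {
        $issues += 'no RecoveryPassword key protector'
    }

    [pscustomobject]@{
        MountPoint = $Volume.MountPoint
        Protected  = ($issues.Count -eq 0)
        Issues     = ($issues -join '; ')
    }
}

# Check every volume BitLocker knows about and list what still needs attention.
Get-BitLockerVolume |
    ForEach-Object { Test-VolumeProtected -Volume $_ } |
    Format-Table -AutoSize -Wrap
```

A volume is only reported as protected when all three checks pass; store the recovery password somewhere other than the laptop itself.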

My Experience with Full Disk Encryption

My Windows laptop is too old to have Microsoft BitLocker, so I went with Symantec full disk encryption. It took many hours to initially encrypt the entire disk. But you can continue to work on the machine during encryption. The encryption pauses on its own when you sleep your machine, or when your internet connection is lost, or when it detects other issues. It will resume again on its own when conditions are restored. Although I haven't tried it, you can do a normal shutdown of your machine from the Windows menu (not a forced power off), and the encryption process is paused and will resume when you start up again.

Keep in mind that your disk is not protected unless it completes 100% of this initial encryption process. There are various options. I selected the option where the encryption pass phrase is the same as my Windows logon (also sometimes known as single sign-on). So now, whenever I boot up my laptop, the Symantec password screen comes up even before the operating system boots. This is the same as my Windows password, so I don't have to enter my Windows password again for the Windows boot up.

Everything else works normally. I set my screen saver to turn on after 15 minutes of idle, when the laptop lid is closed, or when the laptop goes to sleep. The screen saver wakes with a Windows password prompt. If I need to step away from my laptop for a few seconds, I close the lid. Even if the thief steals my laptop with the lid open, they are likely to close the lid as they run away. The next time the lid is opened, it prompts for a password. To hack this password, the thief is likely to need a reboot of the machine, which purges any random access memory. Only the disk storage is left, but that is encrypted.

So the only way a thief is able to get my personal information off this laptop is if they push me aside while the lid is open and then start clicking around to open my files.

I do not notice any performance difference. There is a lock icon in my Windows status bar to indicate that my disk is fully encrypted. Right-clicking on it enables me to open the Symantec Encryption Desktop, which gives me tools to create encrypted archive files, although I still tend to use 7-zip password archives.

I also get a PGP Viewer which allows me to decrypt files sent to me by individuals for whom I have their PGP public key (I can store public keys in the Symantec Encryption Desktop).

I also get a PGP Shredder, where I can drag sensitive files and it will irretrievably delete them. Files deleted normally in Windows can be retrieved by hacker professionals.

This blog entry was written in 2014 and is only opinion at the time of writing. Things may be different by the time you read this.
