Playing hide and seek with your data

I’m sure you don’t need me to tell you the risks of losing your laptop or having your home computer stolen.

You know there’s stuff on there that is of value to those who may choose to pry.

Of course, and I don’t mean this in a bad way, we all have documentation and data that is best not seen by others. Medical records, heartfelt correspondence, financial records... and it goes on.

In a previous article I spoke about the need to erase this data before your device or computer gets handed on, sold or scrapped.

But what about avoiding this hassle by hiding your data from plain sight in the first place, so it can’t be read by anyone but you?

The ancient art of encrypting data is alive and well in the computer age. It can be a practical way to protect you from all sorts of disasters.

These days most operating systems have data encryption built in...

• Windows https://support.microsoft.com/en-us/help/4028713/windows-10-turn-on-device-encryption

• MacOS https://www.hongkiat.com/blog/encrypt-mac-folder/

• If you are running an older computer or one without encryption included then a third party product like VeraCrypt (this used to be TrueCrypt https://www.veracrypt.fr/en/Downloads.html)

• or GoSafe (http://softwarefileprotection.com/gosafe-folder-protection ) may provide the answer.

• ...there are lots to choose from. Choose carefully and wisely.

There are many ways these systems work but essentially they all rely on some sort of key to grant access to files.

The key may be a password, it may be a special key file, it may be a special piece of hardware that needs to be recognized...it can be lots of things.

Encryption is only as good as its weakest link. If your password is “password” then password based encryption probably isn’t for you, unless you are prepared to lift your game. If you carry a large handbag or briefcase and constantly lose things in it, then a dongle may not be a good idea for you. If you aren’t good with copying files and backing up data then a key-file approach won’t be good for you.

Another weak link may be your backups. If you encrypt your computer but your backups are not encrypted then what’s the point? Your data needs to be encrypted everywhere or you are just wasting your time. It doesn’t have to be the same encryption or the same system, it just has to be hidden to a level that satisfies your minimal level of paranoia.

NOTE: using two strategies also covers you in the event of one system failing, such as if you lose the password or dongle.

Encryption is something that is best thought about when you are setting up your new device or computer. Adding encryption later can be risky and time consuming.

This is because your data gets “mixed up” with the encryption key and this is quite a processor intensive task for your computer. Also, while the file is being encrypted things can go wrong and it can be destroyed in the process. Have I mentioned “good backups” yet in this article? But I digress...

It is not all painful though. For example, sometimes careful people have passwords on their laptops. They’ll have a BIOS password, and hard disk password and probably a password for logging on to the system.

That’s three passwords that need to be entered for you to get started. Guess what, they are all easily circumvented.

However, if you encrypt your laptops hard disk you only need the one password to get started. You can turn off the other three because even if someone does get hold of your computer they can’t get at the data without your password or key.

Simpler and safer, who would have thought?

Addendum from Graham:

Hi Dave, I know that you know that I'm going to double check any Mac related links you send! :-) The steps detailed on that hongkiat blog do work, but unfortunately the Disk Utility dialogue when you create a new image "from folder" gives no option to choose a size. This means that Disk Utility uses a default size that it just a bit larger than the size of the original folder and therefore even though the dmg file is read/write you can't add much to it. You really need to create a blank image and the dialogue then allows you to choose a size. Afterwards you then drag the folders/files into the mounted image. Also in that dialogue you should probably choose a "sparse disk image" rather than "read/write disk image". Sparse images have a maximum size of the size you choose but the actual space taken is only whatever the contents are. eg. you could choose a size of 10GB as the maximum, but still only use a few MB. I did a couple of tests to confirm my beliefs - per screenshot below. Just in case you get a query from one of your clients..... :-) Regards, Graham

#security #harddisk #encryption