Why should I encrypt my data

Encryption guide: How to protect your data

Postcards were once a tried and tested means of sending messages - in those days it hardly bothered anyone that at least the postman could read the contents of this "data carrier" in plain text. As far as the degree of secrecy is concerned, e-mail messages today are quite similar to the earlier postcards. Here everyone can read the text along with just a little effort and expertise.

So what could be more obvious than simply encrypting the data that is to be transmitted via e-mail? And while you're at it, all data on the hard drive and on all other transmission paths, as well as access via the web browser, via a VPN connection or for remote maintenance, should only be available in encrypted form.

  1. The built-in security
    Since Windows 200 it has been possible on an NTFS file system to encrypt files using EFS (Encrypted File System) so that another user can no longer access them.
  2. Windows warns the user
    If he only wants to protect a single file using EFS, the operating system advises that the folders above it also be encrypted.
  3. This is the only way to restore it
    When encrypting a file using EFS, the Windows system offers the option of securing the certificate and key on an external storage medium.
  4. The standard at EFS
    A file with the extension * .PFX is used for the so-called "private exchange of information" without a certification authority having to be used.
  5. The certificate was created successfully
    With its help, an encrypted file can then be restored even without the password.
  6. Properties of the file reveal it
    This file was backed up with the encrypted EFS file system.
  7. When accessing files, a user does not notice that he is accessing an encrypted file
    If he has selected the appropriate setting in the folder options, these files are displayed in a different color.
  8. Many possibilities, but only available with certain Windows versions
    The Bitlocker encryption technology makes it possible to encrypt entire partitions including the operating system.
  9. The "Bitlocker To-Go"
    This technology, which is available under Windows 7 and Windows 8 / 8.1, enables the encryption of mobile drives. Corresponding software can also be used under Windows XP for read access to these devices.
  10. Also absolutely important when using Bitlocker
    The recovery key can be printed out or saved on an external drive so that the data can still be accessed even after the password has been lost.
  11. Powerful free solution
    An open source solution that can completely encrypt entire partitions and also the area of ​​the operating system: DiskCryptor.
  12. VeraCrypt is to succeed TrueCrypt
    The developers have taken over parts of the source code from TrueCrypt, but eliminated the security holes. TrueCrypt containers can also be opened with this program.
  13. The freeware Cryptainer LE
    It enables files, directories and e-mail messages to be easily stored in file containers up to a size of 100 MB.
  14. The Protectorion Encryption Suite
    A free solution that combines many functions that users are already familiar with from TrueCrypt. It is also available in a portable version.
  15. DirectAccess from Microsoft
    With this feature, the manufacturer has integrated an access technology into the operating system that enables secure and encrypted access to the company network without additional hardware and VPN software.
  16. Scribbos from Stonebranch
    The solution allows encrypted communication over the Internet in a form similar to e-mail. It can also be integrated into Outlook and offers the user the appropriate encryption there (source: Stonebranch).

Since the "universal" encryption, which securely encrypts the entire IT at the push of a button, unfortunately does not yet exist, we have put together some exemplary encryption methods for the various purposes and corresponding programs in this guide.

The beginning: encrypt individual files

Anyone who has a reasonably up-to-date Windows system also has direct access to encryption for files and folders: Since Windows 2000, data carriers that have been formatted with NTFS (New Technology File System - the standard file system of modern Windows systems) have been file encryption is also available. Microsoft calls this feature EFS (Encrypting File System). The name is a bit misleading, however, as it is not a file system, but an operating system feature that can encrypt individual files or folders.

It is easy to use and integrated directly into the operating system: Right-click on a file or folder, then select the properties and click on "Advanced" under the attributes. After selecting "Encrypt content to protect file", the file is saved. It is now encrypted on the hard drive, while the process remains completely transparent to the user. If he has selected the appropriate setting in the folder options, he will only recognize an encrypted file or an encrypted folder by the different color - he will not notice any difference when accessed. But what does this encryption protect against? It protects against access by another user who is also working on this computer or who may access such a directory via the network. Even an administrator has no access to these files.

The files are still visible, the method only works on an NTFS file system and is therefore difficult to use on USB sticks or Windows systems, which mostly use a FAT file system. In addition, it is not possible to encrypt entire partitions with their help.