File System Encryption

The main objective behind data encryption is to protect the data stored in network devices. With many organizations collecting personal information from users such as email ID, name, country, birthday, and more, it's important to keep this information safe and secure from attackers. 

A single lost or stolen device can lead to a lawsuit if the sensitive data stored on it is breached. With proper encryption procedures in place, you can lower the impact of lost devices carrying sensitive data by a great margin. There are several different types of data encryption methods, including Triple DES, Twofish, Blowfish, RSA, and AE, and we'll discuss some of them here. Below you'll find ManageEngine's recommended encryption procedures for better security and data protection.

Encryption types

Encrypt data on devices through:

1. Individual file and folder encryption
2. Volume encryption
3. Full or whole-disk encryption

Individual file and folder encryption

Using this method, you can encrypt a selected list of documents; you can select a single file or choose the entire folder. If your organization contains a limited number of resources, then you can use this encryption. You should note that this encryption alone does not ensure complete data security.

Volume encryption

With this method, you can create containers and manage the files, folders, and other documents inside these containers, keeping those documents encrypted.

Full or whole disk encryption

This is the most secure form of encryption; all the files, folders, and volumes are encrypted irrespective of the location they are stored. With this type of encryption, a passcode is require to access the data after encryption. If the passcode is lost or forgotten, retrieving this data is very difficult, even with an expert's assistance.

This is why it's always a good idea to keep a backup of your disk data before encrypting it.

Built-in encryption options

All major OS platforms come with built-in encryption capabilities.

Windows

Microsoft BiLlocker is a disk encryption tool that comes with Windows 7, Windows 8.1, and Windows 10.

Follow the steps below to enable BitLocker for your computer:

1. Open Windows Explorer.
2. Right click on Drive C and turn on BitLocker to enable it.
3. A recover key will be displayed. Copy and store this key for later use.

Linux

Linux comes with a built-in encryption tool called dm-crypt, which is automatically installed during OS installation.

Third-party encryption tools

With the number of disk encryption tools on the market, it's best to choose the right one after a bit of research. VeraCrypt, DiskCryptor, and Gpg4win are some examples of open-source software that can help you.

Best practices for file system encryption:

Here are few basic practices to keep you on top of data encryption.

1. Secure data on your desktops, laptops, and servers using full disk encryption. 
2. Always back up data before encryption.
3. Create a password or PIN with strong password formulation procedures. For example: use a combination of letters (both upper and lowercase), numbers, and special characters. The longer the password, the more difficult it is to guess.
4. While accessing the network, always use WPA2 and connect to a VPN, which will help streamline traffic through a defined web tunnel.
5. Perform timely backups followed by complete disk encryption to keep your data safe and secure.