How to secure your Hard Drive

Posted on October 14, 2018 by - Windows, Windows 10

Here is how you can completely secure your Windows 10 Hard Drive

A computer’s value is mostly in the data it holds. Without the data, it’s just a bunch of components that can add and subtract bits. However, on default settings, your Windows 10 hard drive is pretty vulnerable and it is really easy to access it. If anyone has physical access to your computer, they can very easily access the data in a number of ways,

  • Using a live USB (a USB with a live version of an Operating System running on it)
  • Installing a separate Operating System on your PC using a bootable USB and then using it to access the hard drive
  • Physically prying open your laptop, taking out the hard drive and using a separate device to access it

To make sure your data is completely secure, you need to take security measures. First of all, you need to secure your computer’s boot menu with a password so no one can access the boot menu to use it boot from a separate device. This will prevent anyone from installing another OS/ using a live OS USB on your computer.

You can follow our guide to secure Windows by setting a password on the Boot Menu / UEFI Menu. However, this still doesn’t secure you from someone physically taking out your hard drive and using another device to extract the data. To prevent an attack like this, you will need to encrypt your hard drive so as to make it inaccessible without a password.

Here is how you can enable full-disk encryption on Windows 10,

Windows Device Encryption

Most modern PCs come with encryption enabled, thanks to Microsoft’s Windows Device Encryption feature introduced in Windows 8.1. There are a number of limitations you need to consider before relaxing and considering your device safe and secure.

First, you need to check if Windows Device Encryption is available for your device. Here is how you can check it,

Checking Windows Device Encryption Availability

First, you will need to sign in to Windows with a Microsoft account or an account with an organization’s domain (admin account).

  1. Open the Settings app by pressing START + I.
  2. Click on System.
  3. Click on About, scroll down to the bottom and see if it shows anything about Device encryption. If it doesn’t, your device doesn’t support Windows Device Encryption.

If it doesn’t show Device Encryption, you can try another encryption tool by Microsoft called BitLocker.

Encrypt Using BitLocker

Made by Microsoft, BitLocker is a more powerful encryption tool that offers full disk encryption for Windows devices. It is designed to protect data by providing encryption for entire volumes using the AES encryption algorithm. The catch with BitLocker is that it is only available for Windows Pro, Enterprise, and Education users.

BitLocker is most secure on a computer that contains the Trusted Platform Module (TPM) hardware but you can still enable BitLocker without one. A TPM chip allows a computer to store encryption keys.

Here is how you can enable BitLocker,

  1. Sign in to Windows with an administrator account.

  2. Select the Start button, then type manage BitLocker.

  3. Select Manage BitLocker from the list of results.

  4. Select Turn on BitLocker, then follow the instructions.

BitLocker

Encrypt using Encrypting File System (EFS)

Compared to BitLocker, EFS is a relatively naive encryption solution. Unlike the full-disk encrypting tool, EFS allows you to selectively encrypt specific files and folders.

It is very easy to use. You can select any file and folder to encrypt it and that file will also become unavailable for other users on the computer. It isn’t as secure as BitLocker and the encryption key is stored locally on your system, so it is relatively easy to access a file encrypted with EFS.

Here is how you can use EFS to encrypt a file,

  1. Right-click on the file/folder you want to encrypt.
  2. In the General tab, click on Advanced.
  3. Check the box against Encrypt content to secure data.

Enabling EFS

 

Encrypt using a Third-Party Software

There are a number of third-party encryption tools available that support full-disk encryption. Here are some of the most popular softwares,

  • Check Point – Download
    Check Point Full Disk Encryption Software Blade provides automatic security for all information on endpoint hard drives, including user data, operating system files and temporary and erased files.
  • Dell Data Protection | Encryption Enterprise – Download
    Dell Data Protection | Encryption Enterprise Edition offers comprehensive solutions with strong manageability so you can be confident your data is secure.
  • McAfee Complete Data Protection Advanced – Download
    McAfee Complete Data Protection — Advanced suite protects your data from risk of loss, theft, and exposure using a combination of powerful enterprise-grade endpoint encryption, access control, and user-behavior monitoring

Some other popular softwares include Symantec Endpoint Encryption, WinMagic SecureDoc Enterprise, and more.