Top 3 ways to secure your hard drive data

Most computers contain a storage device known as a Hard Drive. This Drive holds the Operating System and programs used to make your computer work. It also contains all the files, pictures, videos and downloads that constitute your personal data.

Normally, it is pretty easy to prevent anyone from accessing the information on your Drive: simply use a Login password on your Computer. The login password prevents anyone from accessing your computer and thereby accessing your drive data. But let’s take that a step further. A Login password is all very well, but a determined attacker will simply remove your Hard Drive from your computer and connect it to a different computer in an attempt to circumvent security.

So, how do you prevent someone with skill, time and resources from accessing your drive data? What can you do to secure your hard drive from prying eyes?

Use Encryption.

Encryption is a technology that protects information by converting it into an unreadable code that is almost impossible to decipher. Encryption uses either software or hardware to encrypt every bit of data on a drive.

Many newer computers (that are also supplied with Windows 10) will have Device Encryption already enabled, but there are some specific requirements for this, so not every new PC has this feature. Also, Windows will only actually encrypt your drive if you sign in using a Microsoft account. This means that Microsoft will be holding a copy of your encryption key somewhere, and for many that fact alone will be unacceptable.

Windows Encryption may also already be enabled if you sign in using an organization’s domain, for example, an employer or school domain. Your recovery key will have been uploaded to your organization’s domain servers.

To check if Encryption is enabled on your Windows computer, open Settings, navigate to System > About and look for the “Device encryption” wording at the bottom of the screen. If you don’t see anything about Device Encryption here, your PC configuration does not support Device Encryption, so it is not enabled. If Device Encryption is enabled, or if you can enable it by signing in with a Microsoft account, you’ll see a message saying so here.

Windows Professional users have the option of using “BitLocker”. If Device Encryption isn’t enabled, or you want a more powerful encryption solution (that can also encrypt removable USB drives), you will want to use BitLocker. Microsoft’s BitLocker encryption tool has been part of Windows for several Windows generations now and is generally well regarded. However, Microsoft still restricts BitLocker to the Professional, Enterprise, and Education editions of Windows 10 only.

BitLocker works best on a computer that contains Trusted Platform Module (TPM) hardware, which most modern PCs do. Windows will normally say that BitLocker requires a TPM, but there is a hidden option that allows you to enable BitLocker without a TPM. If you enable this option, you’ll have to use a USB flash drive as a “startup key” that must be present at every boot. If you already have a Professional edition of Windows 10 installed on your PC, you can search for “BitLocker” in the Start menu and use the BitLocker control panel to enable it.
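
The same checks can be run from an elevated PowerShell prompt. The script below is an added example, not part of the original article: it uses the built-in Get-Tpm and Get-BitLockerVolume cmdlets to report, for each volume, whether it is encrypted, whether protection is on, and which key protectors exist. The finding texts are this example's own labels.

```powershell
#Requires -RunAsAdministrator
# Added example: report TPM and BitLocker state for every volume.
# The finding texts below are this example's own labels.

$tpm = Get-Tpm
"TPM present: $($tpm.TpmPresent)  ready: $($tpm.TpmReady)"

$report = foreach ($vol in Get-BitLockerVolume) {
    # Key protector types on this volume, e.g. Tpm, ExternalKey, RecoveryPassword
    $types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
    $findings = @()

    if ($vol.VolumeStatus -eq 'FullyDecrypted') {
        $findings += 'not encrypted'
    }
    else {
        if ($vol.ProtectionStatus -ne 'On') {
            # Data is encrypted but protection is off (for example suspended),
            # so the volume unlocks without any secret.
            $findings += 'encrypted, but protection is off'
        }
        if ($types -notcontains 'RecoveryPassword') {
            $findings += 'no recovery password protector'
        }
        if ($vol.VolumeType -eq 'OperatingSystem' -and -not ($types -match '^Tpm')) {
            # Matches the "BitLocker without a TPM" setup: startup key or password.
            $findings += 'OS volume is not bound to a TPM'
        }
    }

    [pscustomobject]@{
        Volume     = $vol.MountPoint
        Status     = $vol.VolumeStatus
        Protection = $vol.ProtectionStatus
        Percent    = $vol.EncryptionPercentage
        Protectors = $types -join ', '
        Findings   = if ($findings) { $findings -join '; ' } else { 'ok' }
    }
}

$report | Format-Table -AutoSize -Wrap
```

A volume that shows as encrypted with protection off deserves the most attention, because it looks protected in casual checks while offering no barrier to someone who removes the drive.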

There are also several third-party providers of full disk encryption independent of Windows.

Use a Hard Disk Password.

Many computers give you the option to set a “hard disk password” separate from the operating system and BIOS passwords. This is different from encryption because a hard disk password doesn’t actually encrypt your files.

Hard disk passwords fall into a strange security middle ground. On the one hand, they can disable access to your drive. On the other hand, they don’t protect your files as full-disk encryption would. As with encryption, Hard Disk passwords are not supported by all computers or drives, yet they remain a useful security option where available. Having a separate password for your Hard Drive alone does cause a minor time inconvenience when logging in, which is why many users disable it. However, once a hard disk password is set up, the drive will be fully locked from anyone that does not know the password. The computer will still switch on as normal, but you will be prompted for a password before the OS will load.

The effect of this password is that the Hard Drive Data is safeguarded. Even removing the hard drive does not help, because the security feature is built into the Drive at a hardware level.

Use an SED.

The SED solves several security issues and is easy to use with minimal impact on system performance, yet relatively few consumers or organizations use SEDs. An SED (or Self-Encrypting Drive) is a type of hard drive that automatically encrypts data on a drive without any user interaction. A big portion of the drives currently on the market are in fact SEDs, but since manufacturers do not often tout it as a major feature, it often gets lost among a large number of typically more important specifications. Even once you purchase, install, and start using one of these SED drives, the encryption is so transparent that you are unlikely to realize it is even an SED.

The encryption process is done through the use of a Data Encryption Key (DEK) which the drive uses to both encrypt and decrypt data. Whenever data is written to the drive, it first gets encrypted according to the DEK. Similarly, whenever data is read from the drive, it first gets decrypted by the same DEK before being sent to the rest of the system. This means that all the data on the drive is encrypted at all times. While having the data encrypt and decrypt automatically on a hard drive is useful, it isn't really all that useful on its own since the hard drive will automatically decrypt the data on request.

However, SEDs also allow you to set what is called an Authentication Key (AK), which acts as a password that locks the drive until the key is entered. If an Authentication Key is set up, the system will prompt for the key when it first powers on. While the number of attempts varies by manufacturer, generally if you put in the incorrect password after three or four attempts, the drive will simply stay locked. If that happens, the drive becomes completely unusable by the system until the computer is powered off and back on with the correct key. Even if you remove it from the original computer and plug it into a different computer, the drive will still require the AK to be entered in order for the drive to unlock again. However, if you plug it into a system that does not support SED encryption, the drive will be unusable.

SEDs are powerful, but they do have downsides. The main downside is that once the drive has been unlocked, it remains unlocked until the power to the drive has been cut. In other words, if you simply reboot the computer or put it into sleep, the drive remains unlocked. It is not until you completely power off the computer that it will again require the Authentication Key to be entered. So if your laptop is stolen while it was only in sleep mode, the data on the drive is exposed.

If you have a user password set on the OS, a thief could still simply restart the machine, boot into a live environment, and have almost full access to your data. In fact, even if you have both an OS password and a BIOS password set, the data still could be accessed by moving the drive to a different computer without cutting the power. In laptops, this would be tricky (but not impossible) but on a desktop is actually rather easy with the right setup. So if you do decide to use SED encryption, our biggest advice is to get into the habit of powering off your system when it is not in use rather than simply putting it to sleep.

Clear the Data before Letting the Drive Go

Should you decide to donate or sell your computer, then it is imperative to ensure that all drives are clear of any important data and information. The usual procedure conducted by casual consumers would be to delete the files and maybe even reset the device. However, this is not sufficient. That may come as a surprise to most, but the truth is that data can be recovered from such a drive using a little know-how and some freely available tools.

To prevent any tampering with your data after you give away or sell your old computer, use a data wiping tool that is reliable and easy to use. There is no better data wiping tool than the Redkey USB system. Just plug the Redkey USB into an open USB port, power on the computer and let it do its magic! By default, the Redkey will erase all data on every device it detects.

Don’t be Lax with Securing Your Hard Drive Data

Follow these tips to help secure your hard drive data. You owe it to yourself to protect your vital information. Using encryption, a hard disk password, self-encrypting drives, and data wipe tools to clear old drives can greatly assist you with keeping your data secure.

For more information about data security and technology best practices, consult reputable security resources.