Encrypt Everything – Full Disk Protection

As part of an ongoing series, we’re helping to explain the various steps to encrypt and protect your most valuable data. Follow along each week for practical privacy how-tos.
One of the first steps every new computer owner should take is to enable full disk encryption. This typically involves activating FileVault on macOS or BitLocker on Windows. Both applications ship with the operating system by default, meaning they’re readily available – for free – to any user.

Why Disk Encryption Matters

Your personal computer is arguably the most exposed facet of your digital identity. It has access to your files – everything from backups to personal documents to tax records to photos of your children. It has access to your online accounts – social media, email, and even online banking are often available without a login from your trusted device. It’s also an easy target for physical attack. Laptops are remarkably easy to steal – they are small and portable. Even a modern desktop computer is fairly portable and can fall victim to physical theft. Once an attacker has unrestricted access to your machine, they’re able to access everything you left behind. Even worse, someone with access to your primary machine can impersonate you to services you trust! Using FileVault or BitLocker makes this much more difficult.

How It Works

Full disk encryption is completely transparent to you as the user. Once set up, the operating system will encrypt the contents of your drive with a secret passphrase only you know. When the machine boots, you must specify this passphrase in order to unlock and decrypt the drive. The system will boot normally from there, and you can use every app and file normally.
To enable this feature on Mac:
  • Open System Preferences
  • Navigate to Security & Privacy
  • Click the FileVault tab
  • Click the lock icon to unlock settings
  • Turn on FileVault
To enable this feature on Windows:
  • Sign in as an administrator
  • Open the Start menu and enter “encryption”
  • Select “Change device encryption settings” from the autocomplete menu
  • Select “Manage BitLocker” and turn it on
Once enabled, you’ll have to enter a password each time the machine boots. On macOS, this will usually serve the dual purpose of logging you in. On Windows, you’ll also have to log in with your regular user account.
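To confirm the result from a terminal, here is an added example (not part of the original article) that classifies the output of `fdesetup status` on macOS and `manage-bde -status` on Windows, separating a drive that is still encrypting from one that is finished. The sample outputs are constructed, and the drive letter `C:` and English-language tool output are assumptions.

```python
import subprocess
import sys

# Constructed samples, modelled on the English-language output of each tool.
SAMPLE_FDESETUP_BUSY = "FileVault is On.\nEncryption in progress: Percent completed = 42\n"
SAMPLE_BDE_SUSPENDED = """Volume C: [OSDisk]
    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Protection Status:    Protection Off
"""

def parse_fdesetup(text):
    """Classify `fdesetup status` output (macOS)."""
    if "FileVault is On" not in text:
        return "off"
    return "encrypting" if "in progress" in text.lower() else "encrypted"

def parse_manage_bde(text):
    """Classify `manage-bde -status` output for one volume (Windows)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    conversion = fields.get("Conversion Status", "")
    # "Fully Encrypted" and "Used Space Only Encrypted" are both finished states.
    if not conversion.endswith("Encrypted"):
        return "encrypting" if conversion.startswith("Encryption") else "off"
    # Encrypted with protection off means BitLocker is suspended: the key
    # is stored unprotected on disk until protection is resumed.
    if fields.get("Protection Status") == "Protection On":
        return "encrypted"
    return "suspended"

def check_local():
    """Run this platform's status tool and classify the result."""
    if sys.platform == "darwin":
        cmd, parse = ["fdesetup", "status"], parse_fdesetup
    elif sys.platform == "win32":
        # manage-bde needs an administrator prompt; C: is an assumed drive letter.
        cmd, parse = ["manage-bde", "-status", "C:"], parse_manage_bde
    else:
        raise RuntimeError("this check covers only macOS and Windows")
    return parse(subprocess.run(cmd, capture_output=True, text=True).stdout)

if __name__ == "__main__":
    if sys.platform in ("darwin", "win32"):
        print(check_local())
    else:  # offline demo on the constructed samples
        print(parse_fdesetup(SAMPLE_FDESETUP_BUSY), parse_manage_bde(SAMPLE_BDE_SUSPENDED))
```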

What’s Next

That’s it! While the initial process of encrypting your drive might take a few days (depending on your system’s speed and the amount of data you’ve already got), this is all you need to do to encrypt your entire computer. Now, even if someone were to steal your hard drive, they can’t do anything with your private data unless they also know the decryption key you’ve set up. Come back next week for steps to encrypt your mobile devices as well.