How to

What You Need to Know About Remote Work: Encrypt Everything

One of the key elements of data protection is encryption. Users who regularly back up their files are familiar with the concept since Acronis always recommends to store data in an encrypted form. Doing so protects your data in transit to a local server or to the cloud, and it protects data when it is being stored on different media. If someone gains access to your file – either accidentally or maliciously – that person won't be able to read it or easily decrypt it if strong encryption algorithms like AES-256 are used.

AcronisCyber Cloud

The same applies to a work machine. Full disk encryption can be enabled by default in your organization, but often it is not since it’s not as critical in a protected office environment. If you’re working remotely, either at a home office or on the road, full disk encryption definitely should be enabled, because the likelihood is much higher that someone can get access to your machine.

Given the number of machines suddenly being used to work from home, we’ve prepared this short post on how to enable full disk encryption on Windows and macOS machines.

How to use Microsoft Bitlocker

BitLocker is a full-volume encryption feature that’s been built into different versions of Microsoft Windows beginning with Windows Vista. It is designed to protect data by providing encryption for entire volumes. By default, it uses the AES encryption algorithm in cipher block chaining (CBC) or XTS mode with a 128-bit or 256-bit key. CBC is not used over the whole disk; it is applied to each individual sector.

To turn on Device Encryption in Windows 10, you need to be logged in to your Microsoft Windows account. The easiest way to launch a BitLocker is just type it in a search window.

Microsoft Bitlocker

As every encryption uses an encryption key, full disk encryption on Windows uses some machine or user data as a key for encryption. That key could be your Microsoft account, your Microsoft account password, your computer’s name, or any combination of these in a further encrypted way.

full disk encryption

Once you got into the main screen for Bitlocker, you need to turn it on. You’ll be asked if you want to back up your security key, which you should do, but on another drive (preferably a USB stick). You can choose whether to encrypt only used space or the whole disk during the next step.

After that, you are basically good to go, although the disk encryption that will take some time.

Full disk encryption for macOS

macOS has its own full disk encryption tool called FileVault. FileVault 2 uses XTS-AES-128 encryption with a 256-bit key, which is pretty similar to its Windows counterpart. FileVault 2 is available in OS X Lion or later.

When FileVault is turned on, your Mac always requires that you log in with your account password.

To turn it on:

  1. Choose Apple menu () > System Preferences, then click Security & Privacy.
  2. Click the FileVault tab.
  3. Click , then enter an administrator name and password.
  4. Click Turn On FileVault.

FileVault

You have to choose how you’ll want to unlock your disk or reset your password (if you ever forget your password). Apple recommends the following:

If you're using OS X Yosemite or later, you can choose to use your iCloud account to unlock your disk and reset your password.

If you're using OS X Mavericks, you can choose to store a FileVault recovery key with Apple by providing the answers to three security questions. Choose answers that you'll be sure to remember*.

If you don't want to use iCloud FileVault for recovery, you can create a local recovery key. Keep the letters and numbers of the key somewhere safe—other than on your encrypted startup disk.

Once initiated, the encryption occurs in the background so you can continue using your Mac. It only runs while your Mac is awake and plugged into AC power. Any new files that you create are automatically encrypted as they are saved to your startup disk.

When the FileVault setup is complete and you restart your Mac, you will use your account password to unlock your disk, allowing your Mac to finish starting up.