You can encrypt your hard drive, but the protection may not be worth the hassle

Encryption could impact other computer activities, and it could also make file recovery harder. Here's how to encrypt without regrets.

Phil has "a client who needs to encrypt her hard drive," and asked me for some advice.

A single encrypted folder is good enough for most people, but a completely encrypted drive provides the strongest protection. Windows can leave bits of encrypted files in places like the swap file. A thief or fence wouldn't take the time to find them, but a sufficiently skilled, motivated, and well-funded hacker might.

[Have a tech question? Ask PCWorld Contributing Editor Lincoln Spector. Send your query to]

But that level of security comes at a cost. Encrypting the entire drive can brick your PC. Make an image backup first, and make sure you have emergency repair drives for both the encryption software and your image backup program.

That's not all. Should your computer or hard drive crash, your chances of successfully recovering lost files drops considerably. Even a Windows reinstall can leave your files inaccessible if you didn't take proper precautions.

If the PC is using Windows 7 Ultimate or Enterprise, or Windows 8 Pro or Enterprise, you can use BitLocker, which comes with these versions of Windows. But you have to know what you're doing.

BitLocker works best in an environment where a professional IT department serves users who may not know what the word encrypt means. You can set it up so that the user doesn't even know that the drive is encrypted. When they log into Windows with their password, they get access to the encrypted files. If they log into another account, or boot with another OS, the files are unreadable.

What's more, if you need to reinstall Windows, or restore the files from a backup, you'll need a special digital key that's created when you encrypt the drive. That key has to be stored elsewhere and someone has to know where to find it. That's where IT comes in.

Third-party encryption programs are more straightforward. When you boot the PC, you have to enter the encryption password before Windows can load. Because the password is used on a daily basis, it's unlikely to get lost.

The free and open-source VeraCrypt does a good job. The wizard to set up drive encryption is long, but reasonably intuitive.

But VeraCrypt has its limitations. For instance, it won't work on PCs using the newer GUID partition table.

Your choices, unfortunately, are limited.

Join the CSO newsletter!

Error: Please check your email address.

Tags pcworldstoragesecurityencryption

More about

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Lincoln Spector

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts