Information Security: File Encryption

Welcome to number four in our series of articles discussing Information Security.  You may find it helpful to read previous articles in this series: Information Security: An Introduction,  Information Security: Malware Protectionand Information Security: Personally Identifiable Information.

Encryption is the word of the day and we’re going to explore what it is, why you need it and what can happen if you don’t use it.  (This type of encryption differs from the encryption used by web browsers, in that the browsers only encrypt the data when traveling on the Internet.  An encrypted file is secure until you unlock it with the correct key.)

What does encryption do?

Think of encryption like a fireproof safe, just like the one in which you (hopefully) keep important papers (such as customer paper files that we discussed last time).  When you put something in it and lock the door, whatever is inside is reasonably protected.  Once you unlock the safe with your key (or combination), you can easily get to whatever is inside.

Encryption works in a similar manner.  Encryption is the process of transforming human readable information into something that makes no sense to a person.  In order to make the information usable again, you need to provide a “key” or password so that the computer will reverse the encryption process.  Only when the information has been decrypted is it of any use.  If the wrong key is entered, the file will not be correctly decrypted and therefore will be unusable – just like if you put the wrong key or combination into a safe.

What to look for

If you search for encryption products, you will see a bunch of technical terms like 128-bit, 192-bit, or 256-bit –- which refer to the strength of the encryption –- or SHA, Triple DES (or 3DES), and ASE – which refers to the type of encryption algorithm used.  I won’t get into the nuances of these technical details in this article because I want you to finish reading it.  What I will say is that whatever encryption tool you select should have at least 192-bit encryption capabilities – but the higher the number the stronger the encryption and the longer it will take someone to break it.

There are several different ways to implement encryption:  Full Disk Encryption, File Encryption, and Virtual Disk Encryption.  (There are more technical methods for encryption, but these are the ones that you need to be concerned about.)

Types of Encryption

Full Disk Encryption is just what it sounds like – everything on a hard drive is encrypted.  If you’re running Windows 7 Ultimate, you already have this available as a feature called BitLocker.  Microsoft, however, didn’t make this important feature available on lower cost versions of Windows.  Fortunately, most of the major anti-malware vendors we discussed in article #2 of the series also offer full-disk encryption tools.

File encryption is also pretty self-explanatory.  This is when you run an encryption tool to secure a single file.  This method works for hard drives as well as USB flash drives and for files that you may backup to “the cloud.”  Gnu Privacy Guard (GPG) is a sophisticated, easy to use tool for file encryption that offers a lot of other features as well.  It supports 2048-bit encryption, which would take today’s fastest computers 5,282,002,348,875,440 *10^204 centuries to crack.  (For you non-math geeks out there, that’s the number above with 204 more zeros at the end.)

Lastly, there’s Virtual Disk Encryption.  This one’s a little more technical, but offers the most flexibility.  What this does is create what looks like a file on your computer.   But when you open the file using the encryption software, it actually appears on your computer as another drive letter (in other words, a virtual disk).  You can then copy files to and from this drive letter, and when you close the software it closes and locks the file.  If you look on the real drive, though, it just appears to be a single file.  For using this option, TrueCrypt would be my recommendation.  (TrueCrypt will also do full drive encryption and has other advanced features as well.)  While it does take a little effort to initially configure a virtual disk, you only really need to do it once.

You can even combine the different types of encryption to further enhance your security.  You could use a full disk encryption product, create an encrypted virtual disk on that disk, then copy an encrypted file to the virtual disk.

More Protection – BIOS level passwords

There’s another feature available on most Windows laptops that you also should consider.  When you start your computer, you’ve probably seen something that says “Press F12 to enter Setup.”  This takes you into the computer’s BIOS (Basic Input/Output System) – essentially a chip that contains all of the information your system needs to start-up.  From here, it’s possible to configure passwords for your computer.  Look for the option of creating a hard-drive password.  (How to do this, and whether it’s even supported will vary by manufacturer.)  By setting up a BIOS-level hard drive password, you will have to enter a password every time you start your computer.  But if your computer is stolen, the hard drive can’t be read – even if it’s removed from the computer and connected to a USB adapter.

Taking the time to implement good encryption habits can save you a lot of trouble down the road, as discussed in our previous article.  But what if your hard drive crashes or your computer is stolen?  Even though your information is protected, you still need to have it available.  Next time we’ll look at backing up your information.


John Schaefer is an information security expert with over 20 years of experience in Global 100 corporations. His experience includes application development, network operating systems, network hardware, and security architecture. He is the Chief Technology Officer for Eastvale Consulting Services, Inc.

Susan Schaefer is the owner of Ships ‘N’ Trips Travel ( located in Brentwood, Tennessee and specializes in leisure travel with a focus on group travel and charity fundraisers. Through their division Kick Butt Vacations ( she focuses on travel for young adults under 35. Susan can be reached by email at or by phone at (888) 221-1209).


  One thought on “Information Security: File Encryption

  1. Steve Mencik says:

    In the “what to look for” paragraph there is a typo, “and ASE”. It should be AES, which stands for Advanced Encryption Standard.

Share your thoughts on “Information Security: File Encryption”

You must be logged in to post a comment.

Follow me on Blogarama