These days, security goes beyond simply creating strong passwords and using a VPN. Thieves have adapted to the times and are getting their hands onto sensitive data by exploiting unseen or little-known features. However, much of this can be prevented through the use of full-disk encryption on devices with hard drives.
Full-disk encryption is an easy-to-implement and highly recommended security feature which companies should adopt for their fleet of employee devices. Read on to learn about encryption, and why every device should use this securing method.
Encryption Keeps Data Safe
Encryption is a method of encoding a message or file so that only an individual with the correct cipher or key can understand it. It’s a common security feature of computer systems, software, and email. Encryption processes vary according to the algorithm and the nature of what’s being encrypted. Generally, however, the very basic process looks like this.
When a plaintext message is encrypted, it’s first passed through an algorithm which counts the number of characters in a message. The algorithm then appends additional bits, or spaces, to the end of the message so that the message can be divided by a specific multiple (usually of 16). Then, the message is divided into blocks, and each block is manipulated according to the encryption algorithm. Finally, the algorithm attaches a key to the beginning of the message which tells the recipient which algorithm to use to decrypt it.
Have you ever seen a text document containing a wall of random letters, numbers, and symbols? That’s encryption.
Full-Disk Encryption Takes It to the Next Level
The process above implies that the data is being encrypted by software. However, full-disk encryption (FDE) is encryption that occurs on the hard drive itself. It’s often called hardware-level encryption because it doesn’t rely on software. Instead, everything that goes onto that drive is encrypted.
For a computer hard drive, this means that the operating system, as well as all files, are encrypted when the computer is turned off and not decrypted until it’s turned on again. There are a few major advantages to this situation, which we’ll look at next.
Preventing Breaches with FDE
When correctly deployed, full-disk encryption makes it significantly more difficult to access the data that’s encrypted on the device. An unauthorized user would need not only physical access to the computer but also the master password to log into the machine.
Critically, this means that if a device is stolen or misplaced, the data can’t be decrypted even if the hard drive is removed and put into another machine. Thus, a company’s sensitive information remains safe.
Over the past ten years, FDE has become a best practice for computer security, especially in corporate environments. Company-issued devices have steadily gained presence. Controlling physical access to each and every device is extremely difficult.
Even ten years ago, misplaced laptops were already costing European companies alone the equivalent of 1.8 billion dollars. The amount covers more than just devices. It took into consideration the costs that accrued when confidential data was accessed.
Keeping Passwords Safe
FDE is useful for preventing breaches because nothing can be accessed on the hard drive unless the individual knows the password. For that reason specifically, a big deal is made about secure passwords. A hacker won’t be able to inject a piece of software onto a device which finagles its way into an encrypted volume. However, if the password is insecure – or written down on a sticky note and taped to a monitor – FDE is just as useless as every other security measure on that device.
Keep Company Devices Easy to Use and Still Safe
Full-disk encryption is a passive security measure which can be easily implemented on hard drives. Unlike using security devices like VPNs, secure login portals, or browser extensions, FDE doesn’t require users to take any extra steps to ensure security. Instead, encryption happens automatically the moment a piece of data is saved to a device.
In addition to being easy to maintain, FDE is also easy to implement. In fact, all major operating systems provide some capability for FDE. Hard drive encryption on Mac is done using FileVault. Windows, however, has included device encryption as a default feature since 8.1. To encrypt a hard drive on Windows 7, consider using the open-source FDE tool VeraCrypt.
Full-Disk Encryption and Other Tips from DME
Ever had a laptop stolen? For people who rely on them for work it is an extremely stressful situation. The realization of this worst-case scenario is a lot like having a bucket of ice water dropped from above.
After all, it’s not just the laptop which walked off. With it went financial information, sensitive materials, and everything a criminal need to steal an identity or hack company servers. Fortunately, with full-disk encryption enabled on a hard drive, companies can avoid catastrophic repercussions from compromised data in this situation.
Are you using FDE on your company devices? If not, contact DME today to learn how to implement it on your company computers.