Why encrypt? That’s easy: small devices like USB flash drives, and even smaller MicroSD cards, can get lost easily. If that happens, why anguish over the fact that you may have exposed your own data, let alone data belonging to the Enterprise you work for (which might result in negative consequences for you)?
You have a choice when it comes to encryption technologies; for example, SanDisk Extreme USB 3.0 drives can be password protected. But most of these solutions have at least one unattractive feature. In most cases, the solution requires software to enable the encryption, is not usable on all computers, is extremely slow, or is very expensive.
If you can live without super speed, the Apricorn line of encrypting storage devices offers the best system compatibility you can get (i.e. it works with Windows, Mac OS X and Linux; essentially, anything that can read a FAT32 file system). But at $65 for a 4GB USB 2.0 drive, you might be asking yourself, “Are there cheaper alternatives?”
Well, that depends. As long as you don’t have to cross platforms (i.e. go from Mac OS X to Windows or Windows to Mac OS X), yes: there is one built right into Windows 7 through 8.1. Linux has an encrypting file system and so does Mac OS X. I will post instructions on each in turn.
First, let’s start with Windows. You must have a Professional, Enterprise or Ultimate Edition of Windows 7, 8 or 8.1 to begin.
Encrypted volumes (USB hard drives, USB flash drives, SD, MicroSD, etc.) can be read on any version of Windows 7 and above, but you must have a Pro, Enterprise or Ultimate Edition to encrypt the media in the first place.
Let’s start with Windows and I will post Windows 8.0/8.1 a little later and the rest as time allows.
Please note before beginning: in some cases you can encrypt portable media and devices while there is data already on the device. Because support for this can change over time and it is not a universally accepted method, NEVER encrypt media with data already on it unless you back it up first and expect to have to copy it back when done.
- Start by plugging in the USB or flash media you wish to encrypt. Then right-click on it in Explorer. In my case, I am using a 32GB flash drive known as “G:”. If you have a version of Windows that is capable of encrypting the media, you will see Turn on BitLocker… in the context menu. If you do not, then you do not have the appropriate version. If you do, select it to move on.
- You will next be asked how to unlock the encrypted drive. Always select Use a password to unlock the drive; the second option, using Smart Cards, is advanced and likely not supported anywhere on campus at this time. So check the password box and type in your unlock password twice. You don’t have to use anything sophisticated, but it has to be a bit more complex than a birthdate, the names of family members, pets, your car, your dream car or essentially anything that would be easy to guess (except by you). Then hit Next.
- The next screen will ask you how to save the recovery key. This key can be used to recover data from the encrypted media if you forget your password. You can print it or save it as a file; it’s a matter of personal preference, so choose whichever you are most comfortable with. However, there are some do’s and don’ts. For the saved file, don’t store it on the encrypted media, because it can’t help you there if you forget your password. For printed keys, please keep them private: taped to your keyboard or posted on a wall is not private, even if it is in your office.
- The next window gives you a few warnings and then lets you proceed by clicking the Start Encryption button. This will take a while; the larger the device, the longer it will take. So be prepared for anything from 10 minutes to a day or more. My 32GB flash took a little over 10 minutes; your speed will vary based on how fast your computer is and what version of USB you are using. At the outside, something like a 1TB USB 2.0 drive on a 3 year old desktop would likely take a day or more.
- The encryption process will show the progress.
- And when it’s done, note the difference in how the icon for the media is displayed. It now has a lock on it. The lock will be closed when the media has not been unlocked and open when it has.
- Once this is all complete, if you right-click on the media again, you will see the Manage BitLocker menu item. From there you can manage the device.
- One of the things on the BitLocker management window is the Automatically unlock this drive on this computer option. Believe it or not, we recommend you select that on every computer where you plan on using the media frequently. The main goal here is to ensure that, if your media device is stolen, the data on it is not accessible. Your ease of access to the encrypted data is a very acceptable option. The only time this is not the case is when you are using a computer that is public or shared by many people who might not be so trustworthy.
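
The same steps can be run from an elevated PowerShell prompt with the built-in manage-bde tool, with the warnings above turned into checks. This script is an added example, not part of the original post; G: is the drive letter from the walkthrough, and the recovery folder and the -DataBackedUp / -AutoUnlock switches are hypothetical names chosen for illustration.

```powershell
# Added example, not from the original post. Run from an elevated prompt.
# Assumptions: G: is the drive from the walkthrough; $RecoveryDir and the
# -DataBackedUp / -AutoUnlock switches are hypothetical names.
param(
    [string]$Drive = 'G:',
    [string]$RecoveryDir = "$env:USERPROFILE\Documents\BitLockerRecovery",
    [switch]$DataBackedUp,   # confirm existing files were copied elsewhere
    [switch]$AutoUnlock      # only for a computer that is not public or shared
)

$Drive = $Drive.TrimEnd('\').ToUpper()

# Never target the Windows system drive with this removable-media procedure.
if ($Drive -ieq $env:SystemDrive) {
    throw "$Drive is the system drive; this script is for removable media."
}

# The recovery information must not live on the media it is meant to recover.
$recoveryRoot = [System.IO.Path]::GetPathRoot($RecoveryDir).TrimEnd('\')
if ($recoveryRoot -ieq $Drive) {
    throw "Recovery folder is on $Drive; pick a folder on another disk."
}

# Refuse to encrypt media that still holds files unless a backup is confirmed.
$existing = Get-ChildItem -LiteralPath "$Drive\" -Force | Select-Object -First 1
if ($existing -and -not $DataBackedUp) {
    throw "$Drive contains data. Back it up, then rerun with -DataBackedUp."
}

# Add a password protector (prompts twice) and a numerical recovery password,
# then start encryption.
& manage-bde.exe -on $Drive -Password -RecoveryPassword
if ($LASTEXITCODE -ne 0) { throw "manage-bde -on failed ($LASTEXITCODE)." }

# Save the protector list, which includes the recovery password, off the media.
New-Item -ItemType Directory -Path $RecoveryDir -Force | Out-Null
$keyFile = Join-Path $RecoveryDir ("recovery-" + $Drive.TrimEnd(':') + ".txt")
& manage-bde.exe -protectors -get $Drive | Out-File -FilePath $keyFile -Encoding ascii

# Equivalent of "Automatically unlock this drive on this computer".
if ($AutoUnlock) { & manage-bde.exe -autounlock -enable $Drive }

# Show conversion status and percentage encrypted (the GUI progress bar).
& manage-bde.exe -status $Drive
```
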
Lastly, if you want to remove the encryption, there are a few things you can do, but the most straightforward is to back up the data and then format the device. Always take care to back up the data before wiping any device.
There are some downsides…
Use on Windows XP requires a download from Microsoft and is not backward compatible beyond that. But you should have moved away from XP as it’s no longer supported.
As with all encryption and compression technologies, a physical error on the media can cause significant damage to a file.
If you forget your password or lose the recovery key, the data is generally unrecoverable. If your system administrator(s) have set up enterprise BitLocker with the recovery option and the workstation you used to create the encrypted volume is in the enterprise’s Domain, then the administrators can still recover the data for you, even if you forget your password or lose the recovery key.