We earn commission when you buy through affiliate links.
This does not influence our reviews or recommendations.Learn more.
Full Disk Encryption is excellent for preventing access if the gadget gets stolen.
Lets check Windows native BitLocker and its alternatives.
Or whats bad in a contractor in Japan losing a USB drive having the personal information of 460,000 residents?
The data wasnt encrypted.
So, a bad actor could easily access and sell personal data on the dark web.
They learned the lesson the hard way.
But that shouldnt be the case knowing how easy it is to encrypt the data.
The following sections discuss disk encryption, how to do it with BitLocker, and a few BitLocker alternatives.
Full Disk Encryption
Full Disk Encryption (FDE) refers to locking the drives to your system.
BitLocker
Windows professional, enterprise and education versions come preloaded withBitLockerdevice encryption.
Using BitLocker, one can password-protect the drives, which function normally once youre inside.
There is also a recovery key to reset the password, without which the disk contents will be illegible.
Besides, this works cross-platform.
For instance, a drive encrypted on Windows will remain safe on Linux.
Notably, this wont protect you once the system is unlocked.
Theseencryptionmechanisms will be fruitless for, say, spyware stealing your personal information, which you mightve unknowingly installed.
Ergo, they arent a replacement for antivirus oranti-spyware tools.
To get started, punch in BitLocker in the taskbar search and openManage BitLocker.
Now choose the subject disk and click onTurn BitLocker on.
The subsequent process is different for the operating system drive and non-system partitions, including portable disks.
And the machine boots up once the TPM returns the key.
A Trusted Platform Module (TPM) is a chip modern PCs ship with.
This is a separate chip ensuring overall unit integrity.
But you may need to activate this if your systemdoes not detect TPMeven after having one.
However, one can turn on the pre-boot PIN from the local group policy editor to enjoy maximum security.
Afterward, the TPM chip will ask for the recovery key and the pin before letting the machine boot.
The differentiator here is that these chips come with brute-force protections.
So, the attacker will have only a handful of tries before giving up.
Just remember to configure this before initiating encryption.
The process is simple enough.
First, open Windows Run by pressing+R, typegpedit.msc, and hit enter.
Next, you progress toEncrypt entire driveor theused disk space only.
Subsequently, you decide between usingNew encryptionor acompatible mode.
you’re able to choose the New encryption mode since this is an operating system drive.
The compatible mode would be more suitable for portable drives.
Finally, its recommended toRun BitLocker system checkon the following window to see if everything works perfectly.
BitLocker on Fixed Data Drives
Encrypting these partitions and drives is more straightforward.
This will ask you to set a password upfront.
While BitLocker is handy, its unavailable to people using Windows Home variants.
The second best free option isWindows machine Encryption, if your machine supports it.
This is different from the BitLocker in that it mandates TPM requirements.
Besides, there is no means of pre-boot authentication.
you could check the availability with System Information.
Open Windows Run, typemsinfo32, and press enter.
Scroll down to the bottom and validate ifMeet prerequisitesare mentioned againstDevice Encryption Support.
If it isnt, most probably your machine wont support machine Encryption.
However, you’re able to contact manufacturer support to see for possible resolution.
VeraCrypt
VeraCryptis free, open-source encryption software for Windows, Mac, and Linux.
Similar to BitLocker, you could encrypt system drives, fixed data drives, and portable drives.
This is more flexible and gives many options for encryption algorithms.
Besides, it can also encrypt on the fly.
So, create an encrypted container and transfer your files to encrypt them.
Additionally, VeraCrypt can create encrypted hidden volumes and supports pre-boot authentication like BitLocker.
However, the user interface may be overwhelming, but nothing that a YouTube tutorial cant sort out.
BestCrypt
it’s possible for you to callBestCrypta user-friendly and paid version of Veracrypt.
This gives you access to various algorithms and a host of options to achieve full disk encryption.
It supports creating encrypting containers and system drives.
Besides, you’re free to deploy a password-approved booting.
BestCrypt is a multi-platform encryption tool and comes with a 21-days free trial.
Commercial BitLocker Alternatives
These consist of enterprise-ready solutions based on volume licensing.
ESET
ESET full disk encryption (now part ofESET Protect Elite) is excellent for remote management.
It gives you flexibility with on-premise and cloud encryption solutions.
This features safeguarding hard drives, portable drives, emails, etc., with the industry-standard 256-bit AES encryption.
In addition, this lets you encrypt individual files using File Level Encryption (FLE).
you might check this out with the interactive demo or a 30-day free trial for a full-blown hands-on.
Symantec
Symantec, by Broadcom, is another leading player in providing enterprise-grade encryption facilities.
This full disk encryption supports TPM ensuring the tamper-free state of institutional devices.
Moreover, you get pre-boot checks, email, and removable disk encryption.
Symantec helps you set single sign-on and can also protectcloud-based applications.
This supports smart cards and has various recovery methods if the user forgets the passcode.
ZENworks
ZENworksfrom Microfocus is the simplest way of handling AES-256 encryption in any organization.
This supports an optional pre-boot authentication with username & password or a smart card with a PIN.
ZENworks features centralized key management to help users stuck at boot logins.
Finally, you’re able to avail of its free, no-credit card trial to see it firsthand.
FDE vs FLE
Sometimes its not worth encrypting an entire disk.
FLE is more common, and we often use it without acknowledging its presence.
For instance,WhatsAppconversations are end-to-end encrypted.
In a similar fashion, one can protect a file with FLE with tools such asAxCryptorFolderLock.
A distinct advantage of FBE over FDE is that all files can have different encryption keys.
Ergo, if one gets compromised, the others will remain safe.
However, this brings in the additional hassle of managing such keys.
Conclusion
Full Disk Encryption is crucial when you lose a rig containing sensitive information.
Personally, BitLocker is the best encryption tool for Windows users.
VeraCrypt is another option for someone who can endure a dated interface.
The only thing a business owner should avoid is vendor locks.
PS: Check out our encryption vs authentication software to brush up on the basics.
