What you need to know about Encrypting Data

Do you store confidential data for your PhD? Does this data contain Personally Identifiable Information? If so, you should encrypt it.

Firstly, you should encrypt the information on your computer anyway. This is called ‘Full Disk Encryption’. It means that if your computer is ever stolen, the first thing the thieves will do is wipe it, so your data won’t be going anywhere. On Mac, it is available for all recent versions of macOS (as well as iOS), while for Windows users, it is only available on Windows 10 Pro.

Instructions for Mac users are here, while for Windows users, they are here. You should also do this for your mobile – both Android and iOS offer this service and again, it means that if your phone is stolen, it will be wiped without people getting access to your apps, contacts, etc.

The above guides are necessary, but not sufficient, for storing PII. In addition, you’ll need to encrypt this data itself, using a separate mechanism from the full disk encryption.

One simple way to do this is to use VeraCrypt. VeraCrypt is an Open Source successor to TrueCrypt, which was one of the most popular Open Source encryption tools until the developers mysteriously vanished, sparking off a number of conspiracy theories.

VeraCrypt offers a simple-to-use system to easily encrypt files using strong encryption techniques and works on most operating systems. VeraCrypt can also provide Full Disk Encryption for operating systems which don’t provide the service (I’m looking at you, Windows 10 Home).

With VeraCrypt, you create a ‘Container’ which is encrypted, and inside it you store your PII data. This container operates like a folder, and can then be used and backed up as normal or stored on a cloud account like Dropbox. You can only open the Container using the password you set, so your files are safe so long as you set a good password.

You can also use Two Factor Authentication by securing the VeraCrypt file with both a strong password and a keyfile, which you save to a USB drive. This way, you’ll need both the USB drive and the password to access the files which have PII.

A word of warning, however: if you forget your password, or lose the USB (if you have gone down the 2FA route), then you will have permanently lost access to the data…
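To make the password-plus-keyfile idea and the warning above concrete, here is an added Python sketch (not from the original post, and not VeraCrypt's actual key derivation) showing that a key mixed from both factors cannot be rebuilt if either one is missing. The function names, iteration count and sample values are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor for this sketch


def derive_key(password: str, keyfile: bytes, salt: bytes) -> bytes:
    """Mix both factors into one key: neither alone reproduces it."""
    # Hash the keyfile first so a file of any size becomes a fixed-length secret.
    keyfile_digest = hashlib.sha256(keyfile).digest()
    # Stretch password + keyfile digest together; the result depends on both.
    secret = password.encode("utf-8") + keyfile_digest
    return hashlib.pbkdf2_hmac("sha512", secret, salt, ITERATIONS)


def create_header(password: str, keyfile: bytes) -> dict:
    """Return what a container could keep on disk: a salt and a check tag."""
    salt = secrets.token_bytes(32)
    key = derive_key(password, keyfile, salt)
    # The tag lets us recognise the right key without storing the key itself.
    tag = hmac.new(key, b"container-check", hashlib.sha256).digest()
    return {"salt": salt, "tag": tag}


def can_open(header: dict, password: str, keyfile: bytes) -> bool:
    """True only when the password AND the keyfile both match the originals."""
    key = derive_key(password, keyfile, header["salt"])
    tag = hmac.new(key, b"container-check", hashlib.sha256).digest()
    return hmac.compare_digest(tag, header["tag"])


# Constructed sample values, not real credentials.
SAMPLE_PASSWORD = "correct horse battery staple"
SAMPLE_KEYFILE = secrets.token_bytes(64)  # stands in for the file on the USB

if __name__ == "__main__":
    header = create_header(SAMPLE_PASSWORD, SAMPLE_KEYFILE)
    replacement = secrets.token_bytes(64)  # a new file is not the lost keyfile
    print("both factors:  ", can_open(header, SAMPLE_PASSWORD, SAMPLE_KEYFILE))
    print("wrong password:", can_open(header, "guess", SAMPLE_KEYFILE))
    print("lost keyfile:  ", can_open(header, SAMPLE_PASSWORD, replacement))
```

Nothing stored in the header helps recover a forgotten password or a lost keyfile, which is why a backup copy of the keyfile kept in a separate safe place matters.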

Finally, as with all encryption software, you are using it to prevent the loss of data in the event that your computer is stolen, lost or hacked, and to protect the data given to you in the course of your research.

It won’t prevent someone from gaining access if they really want to, such as an intelligence agency or a well-resourced cybercrime group. Nor will it prevent official Law Enforcement agencies from arriving with a warrant and compelling you to open the folder. If you have the kind of data that needs that level of protection, this isn’t the blog for you. Try here instead.