Setting up a secure password and always logging off a computer will not protect your business data if it gets stolen. Without drive encryption anybody with physical access to your computer can remove the hard drive and access your data.
Disk Drive Encryption
The best method to secure a computer is to use hard drive encryption. Drive encryption makes files on a hard drive appear scrambled until a password is used to authenticate and access the drive. Even if a hard drive is removed from a computer the data is safe without the encryption password.
Third party drive encryption software is available from most anti-virus vendors including Eset, Symantec and Sophos. Microsoft offers a proprietary built-in feature called ‘BitLocker’ this is included in the Ultimate and Enterprise editions of Windows 7, the Pro, the Enterprise editions of Windows 8 and Windows 8.1, and also Windows 10, Windows Server 2008 and 2012.
Bitlocker is easy to set up and works best on computers that have Trusted Platform Module (TPM) built into their hardware processor. TPM allows Bitlocker to store and authenticate the drive encryption password.
To check a computer has a processor that supports TPM using Windows open ‘Device Manager’ and check the processor model against the vendors website TPM list. Bitlocker will work without TPM but requires a USB flash drive every time you start up the computer.
Bitlocker on a Windows 8.1 Pro machine using TPM allows a Windows Login password to seamlessly authenticate an encrypted drive. If a computer is on a Windows Server domain the authentication is against Active Directory Domain Services and a recovery key is backed up. If the computer is not joined to a domain a Microsoft account can be used with the recovery key backed up to Microsoft servers. More information on Bitlocker and drive encryption can be found at the official Microsoft Bitlocker FAQ site
Drive encryption is fast becoming a normal configuration for business computers, it minimises the threat of data theft and ensure computers performance remains fast and unaffected. Fentons recommend all modern business computers that contain sensitive data enable drive encryption. For advice on drive encryption and further business IT security option contact Fentons, we’re always keen to assist.