Data Encryption as an Extra Security Measure for GDPR & Notifiable Data Breach
The GDPR set the world on fire as both users and companies have been made aware of the dangers a data breach poses. While GDPR only applies to European citizens and companies residing in the EU, the Internet made it so that almost everyone is somehow affected by its strict regulations.
Furthermore, Australian businesses have to respect the Privacy Act 1988 and its Notifiable Data Breaches (NDB) scheme. This means that the client data processed and stored by your company are twice as important. In case of a breach, you will be subject to two privacy laws, and the result may be tragic for the company.
Considering this, we advise our customers and readers to implement additional security measures, such as data encryption on their computers. Data encryption helps protect confidential data on your device, especially if it is lost or stolen: you wouldn’t need to declare a potential data breach as you would without the encryption. One way to do this without investing in a specialised system is with BitLocker Drive Encryption, a piece of software designed to encrypt data stored on computer drives that comes as part of Windows 10 Pro & Enterprise.
Important Note: BitLocker Drive Encryption is only available on Windows 10 Pro and Enterprise, so if you are running a Home edition, you will not have access to the software.
How to Encrypt Data on Your Windows 10 Pro Computer
We strongly recommend entrusting this task to a system administrator (or to a company such as Onsite Helper) given that the steps are quite complicated. Still, if you want to do it yourself, below are the steps to follow.
#1: Check if the Device can use BitLocker
The first thing to do when you want to start encrypting data with BitLocker is to check if your device is fit for this software. Here are the steps to follow:
- Check if you have a Trusted Platform Module (TPM) chip that enables the device to support more advanced security features. For this, go to Device Manager on your computer (Alt + X) and open Security Devices. If you do have a TPM device, you should find one device called Trusted Platform Module, with its version number (you need a TPM chip version 1.2 or later to support BitLocker).
- If the chip doesn’t show up in this list, you can check with the manufacturer’s specifications and see if the chip can be activated from BIOS.
- Some devices such as Surface Pro 3 and 4, or Surface Book come with the TPM chip integrated, so you don’t have to wonder about these.
Note: if you find the device doesn’t actually have or support a TPM chip, you can’t turn on BitLocker. Still, it is possible to use the encryption by enabling additional authentication at startup from Local Group Policy Editor.
Here’s how to do it:
- Windows key + R (opens the Run command);
- Type in gpedit.msc and hit the Enter key
- In the window that opens, under Computer Configuration, expand the “Administrative Templates” module
- Choose “Windows Components”
- Click on BitLocker Drive Encryption > Operating System Drives
- On the right, double-click on “Require additional authentication at startup” and make sure it is enabled
- Check “Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)”
- Click OK, and the process is complete.
#2: Run BitLocker and encrypt your HDD
If the device has a TPM chip, it’s highly recommended to make a full backup of your entire system before starting the encryption procedure (while BitLocker is stable, it’s better to be safe than sorry). Once the backup is complete, here is the procedure to follow:
- Press Windows + X and select Control Panel
- Choose System and Security > BitLocker Drive Encryption
- Click on Turn on BitLocker
- Once BitLocker is activated, you have to choose how to encrypt the drive: via password or with an external USB flash drive
- If you choose to use a password, you will also receive a recovery key, in case you forget it. This key can be saved in a location chosen by you and can be used at a later date
- Click Next
- In the window that opens, you will be asked to choose between two encryption options: only used space or the entire drive. If you choose to encrypt the entire drive the process will be longer and you must make sure the computer stays on throughout the entire session.
- Next, you will be asked to choose the method: New mode or Compatible mode. Choose the one that suits your needs and click Next
- In the following window, check if “Run BitLocker system check” is checked and click Continue
The computer will restart and BitLocker will ask for the password chosen earlier in the process. Enter the password and press Enter. The system will start normally and you will be able to use the computer, but BitLocker will be running in the background and you shouldn’t turn off the system until the encryption is complete.
Once the drive is encrypted, you’ll see a new icon in My Computer, and the drive label will read BitLocker On.
Keep in mind: BitLocker Drive Encryption can be activated only for the main drive of your computer; you can’t encrypt all the drives connected to your device. Similarly, you can’t automatically encrypt every removable drive that is connected to a protected computer. For this, you will need BitLocker To Go, software specially designed for secondary drives.
#3: Activate BitLocker To Go
- Go to Control Panel > System and Security > BitLocker Drive Encryption
- Under BitLocker To Go, select the removable drive you want to encrypt and select “Turn on BitLocker”
- Check the “Use a password to unlock the drive” option, set the password, and click Next
- Choose how to save a recovery key that allows you access to the drive in case you forget the password
- Select the encryption option (used space or the entire disk) and click Next
- Choose between New Mode and Compatible Mode (our recommendation is to go with Compatible Mode as it allows you to use the disk on other computers)
- Click on Start encrypting
Just like with BitLocker Drive Encryption, the process can be lengthy so make sure to not disconnect the drive or the computer until the encryption is complete. Also, if the drive is fully encrypted, as you add new data, it will be automatically protected.
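To confirm the prerequisites from step #1 and the results of steps #2 and #3 without clicking through Control Panel, the following read-only audit can be run from an elevated PowerShell prompt. It is an added example, not part of the original article; the function names are illustrative, and it assumes the built-in Win32_Tpm CIM class, the Get-BitLockerVolume cmdlet and the standard BitLocker policy registry location.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only audit of the prerequisites and results of steps #1-#3.

function Get-BitLockerReadiness {
    # Step #1: edition and TPM (same data as Device Manager > Security Devices).
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    # SpecVersion looks like "2.0, 0, 1.38"; the first field is the TPM version.
    $raw = if ($tpm) { ($tpm.SpecVersion -split ',')[0].Trim() } else { $null }
    $ver = $raw -as [version]   # $null if absent or not parseable
    # Policy values written by "Require additional authentication at startup".
    $fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' `
                            -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Edition          = $os.Caption
        TpmPresent       = [bool]$tpm
        TpmVersion       = $raw
        TpmMeetsMinimum  = ($null -ne $ver -and $ver -ge [version]'1.2')
        NoTpmPolicyIsSet = ($fve.UseAdvancedStartup -eq 1 -and
                            $fve.EnableBDEWithNoTPM -eq 1)
    }
}

function Get-BitLockerAudit {
    # Steps #2 and #3: one row per volume, including BitLocker To Go drives.
    Get-BitLockerVolume | ForEach-Object {
        $types = $_.KeyProtector | ForEach-Object { $_.KeyProtectorType }
        [pscustomobject]@{
            Drive               = $_.MountPoint
            Type                = $_.VolumeType        # OperatingSystem or Data
            Status              = $_.VolumeStatus      # e.g. EncryptionInProgress
            Percent             = $_.EncryptionPercentage
            Protection          = $_.ProtectionStatus  # On / Off
            Protectors          = ($types -join ', ')
            HasRecoveryPassword = ($types -contains 'RecoveryPassword')
            # Only a fully encrypted volume with protection on counts as done.
            Compliant           = ($_.VolumeStatus -eq 'FullyEncrypted' -and
                                   $_.ProtectionStatus -eq 'On')
        }
    }
}

Get-BitLockerReadiness | Format-List
Get-BitLockerAudit     | Format-Table -AutoSize
```

A volume that still shows EncryptionInProgress, or Protection Off, is not yet protected; rerun the audit after encryption finishes and keep the output as evidence of the device's state.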
Upgrade to Windows 10 Pro
As we already mentioned, BitLocker is not available on Windows 10 Home edition, which can be frustrating. However, this is the situation, and if you truly want to make sure your data is protected, we recommend making the switch to Windows 10 Pro as soon as possible (it’s only $99!).
Here’s how to do it:
- Make sure the current OS is up to date
- Purchase a copy of Windows 10 Pro by going to Start > Settings > Update & security > Activation > Go to Microsoft Store.
- Once the purchase is complete, install the new OS version
- Go to Start > Settings > Update & security > Activation and follow the instructions.
As you can see, BitLocker can be a bit difficult to activate and install for a non-technical person. This is why we recommend you enlist the help of a professional company such as Onsite Helper. Furthermore, we can activate other features that will keep you protected from malicious activities and the rigid rules of the Privacy Act and GDPR!