Encrypting A Computer With Veracrypt
(Protection against GDPR “misdemeanours”)
By now everyone has heard about GDPR (General Data Protection Regulation 2016/679) and the possible fines that can be levied on businesses in the event of a breach. The maximum GDPR fine can be €20,000,000 or 4% of global turnover, whichever is higher. The GDPR regulations came into effect on 25th May 2018.
The Crown Prosecution Service (CPS) were fined £325,000 in 2018 for their negligence when they lost a bunch of DVDs of witness videos containing sensitive information. Had these DVDs been encrypted the loss would not have been so serious and the CPS may not have been fined at all.
Here is a link to the Information Commissioner’s Office (ICO) Website with an article about the case
Had the videos been adequately encrypted then they would have been only good for use as coasters to place someone’s coffee cup on, as the data would have been inaccessible to anyone that got hold of them. This is how we should all treat our data, if it contains personally identifiable customer / client or just “people” information. This can be in the form of CCTV / video footage or people’s details. It is a common misconception that only businesses and organisations that store credit card or bank information need to be concerned, but this is simply not true. Any organisation that stores “personally identifiable” information has a duty to protect that information from falling into the wrong hands. A simple list of names is not personally identifiable as there can be more than one person with the same name. But addresses, phone numbers and email addresses are, and if you store any of this type of information then you have a duty to protect it. If you do not adequately protect it and it falls into the wrong hands then the fines can be severe for falling foul of the GDPR rules.
If a computer containing such information is lost or stolen then the data is easy to extract, with or without a password. It is so easy to get at information on an unencrypted computer that a child could do it. Go ahead and encrypt that computer with approved encryption software such as Veracrypt and then NASA couldn’t get the data from the hard drive. The encryption level is US government grade with no “back doors” as it is “open source” software.
A fully encrypted hard drive can and should prevent unauthorised access to your data in the event of loss or theft, or even when left unattended and switched on. However, if your computer is left unattended and not locked with a password then anyone can access it, so please take note of the instruction to lock your computer when you move away from it. To lock your computer quickly when you are leaving it unattended you can press the Windows key and the “L” key simultaneously. This locks the computer and you should need to enter the password to unlock it again.
When creating passwords make sure you keep a copy somewhere safe (in the company safe is a “safe” bet). You need to make sure you know which password is for what exactly. Ensure you distinguish between letter “l” and number “1” and letter “o” and number “0”.
Let’s Get Started Encrypting The Hard Disk Drive
You will need an empty USB flash drive (for the recovery info) – one per computer
A copy of Veracrypt (open source encryption software) available from:
At the time of writing the latest stable release is version 1.23-Hotfix-2
Please make sure you have backed up all your data to an external hard drive, or another computer before commencing the encryption process. If anything goes wrong with the process you can lose access to all your data rendering it lost. It is possible to wipe the hard drive and reinstall all the programs again, but your data is not replaceable without a backup.
If you log in to the computer with a Microsoft account I recommend changing the account to a local account first to avoid possible issues. I also recommend removing the PIN login and using a password instead.
Please make sure you are running on mains power as this process can take several hours to complete. A loss of power half way through can leave your data inaccessible, requiring the backup you created earlier and a complete reinstall of all your software including Windows.
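The preparation steps above can be checked with a short script on each computer before Veracrypt is started. This is an added example in PowerShell, not part of the original guide; it only reads settings and changes nothing. It assumes Windows 10 or later, and the function name Test-EncryptionPreflight is made up for this example. The backup and the PIN removal still have to be confirmed by hand.

```powershell
# Added example: read-only pre-flight checks before Veracrypt system encryption.
# Assumes Windows 10 or later. Run it in the account that normally uses the PC.

Add-Type -AssemblyName System.Windows.Forms

function Test-EncryptionPreflight {
    $results = @()

    # 1. Mains power: PowerLineStatus is 'Online' when plugged in (desktops too).
    $line = [System.Windows.Forms.SystemInformation]::PowerStatus.PowerLineStatus
    $results += [pscustomobject]@{
        Check  = 'Running on mains power'
        Passed = ($line -eq [System.Windows.Forms.PowerLineStatus]::Online)
        Detail = "PowerLineStatus: $line"
    }

    # 2. Local account: PrincipalSource reads 'MicrosoftAccount' for Microsoft logins.
    #    Domain accounts are not returned by Get-LocalUser, so $user stays $null.
    $user = Get-LocalUser -Name $env:USERNAME -ErrorAction SilentlyContinue
    $source = if ($user) { $user.PrincipalSource } else { 'not a local user' }
    $results += [pscustomobject]@{
        Check  = 'Signed in with a local account'
        Passed = ("$source" -eq 'Local')
        Detail = "Account source: $source"
    }

    # 3. Removable USB drive with a drive letter, for the recovery info.
    $usb = @(Get-Volume | Where-Object { $_.DriveType -eq 'Removable' -and $_.DriveLetter })
    $letters = ($usb | ForEach-Object { "$($_.DriveLetter):" }) -join ', '
    $results += [pscustomobject]@{
        Check  = 'USB flash drive attached'
        Passed = ($usb.Count -gt 0)
        Detail = "Removable volumes: $letters"
    }

    return $results
}

$report = Test-EncryptionPreflight
$report | Format-Table -AutoSize
if ($report.Passed -contains $false) {
    Write-Warning 'Fix the failed checks before starting the encryption.'
}
```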
After backing up your data you can run the installer that you downloaded from Veracrypt.
Once installed you should see the Veracrypt icon on your desktop.
Run Veracrypt and choose “Create Volume”.
Select “Encrypt the system partition or entire system drive”
Type of system encryption should be “Normal”
Area to encrypt should be “Encrypt the whole drive” if available, if not choose “Encrypt the Windows system partition”
Most machines should select “Single boot”
Encryption options should be left as default
Set a strong password, the installer recommends at least 20 characters, but it is up to you as this needs to be typed every time the computer starts up
Collecting random data is based on your mouse movements…keep going until the progress bar reaches the end
Keys generated…just click next
Create the rescue disk and follow the instructions (if you don’t verify the rescue disk you may regret it at a later date – I STRONGLY urge you to create and verify the rescue disk)
Wipe mode…just click next and follow the instructions
Veracrypt will do a test, restart your computer and Veracrypt will open again with a test successful message (hopefully). Then you can initiate the full encryption. It can go on for 12 hours or more, depending on your computer specs and what condition the hard drive is in. The process can be deferred, paused, restarted, but I recommend not using the computer and letting it complete once started.
Label all your USB sticks so you know which one is for which computer, otherwise they won’t be any use to you if you ever need them. If you lose your encryption password you will lose access to your data and the only way to use the computer would be to erase the hard drive and reinstall everything. If your computer fails to boot up after encrypting you will need the USB stick to be able to access it, along with that password.
If you prefer I can do all this for you, please let me know. Similarly if you get stuck, please give me a call, 07879 476 399
I can provide backup services along with or independently of the encryption service. I can also keep an eye on future developments, so when today’s encryption becomes obsolete I can advise and act on your behalf where necessary.
This document is advisory only and the author (Jason Smith) accepts no responsibility for any errors or omissions, nor any damage caused by following these instructions, nor the use of the encryption software itself (Veracrypt), either now or in the future. Data is the responsibility of the owner of the data and you can never have too many backups, so please ensure that you do have backups.