Storage Encryption: Why it’s important and what protection it offers

Data is now one of the most valuable commodities in the world: personal data is how companies like Facebook and Google make their fortunes, and corporate data may consist of trade secrets or information needed to gain access to systems. Laptops are commonplace and portable enough to be easily stolen; the data they contain is often far more valuable than the device itself. Mobile phones now store significant portions of our lives, such as who we know, where we work and who we bank with.

While the loss of a device can make your heart sink, it becomes a much bigger problem when it results in identity theft or a breach of sensitive data. There are, however, steps you can take to protect devices from unauthorised access.

What does storage encryption protect against?

Let’s look at a device running Windows as an example. If the disk is not encrypted you might think the data is still safe so long as your password is not known, but this is not the case. The disk can be taken out and put in another PC, where the OS will ignore the permissions assigned to the folders and files on it; a “live” OS can be booted on your device, allowing the same access; or a utility like Sysinternals or Pogostick Linux can easily remove the password on your account, allowing full access to it. With the latter method, this could mean the unauthorised user now has access to your mail, online accounts or even company VPN – any system where you have saved login credentials for convenience.

If the drive is encrypted then none of this can be done: another OS cannot read the disk without the recovery key, so data cannot be retrieved and the account passwords cannot be removed. In the case of a mobile phone, you’ll be protecting access to the internal storage, which otherwise could be removed from the phone and read using another device.

What doesn’t storage encryption prevent?

Encrypting your device storage won’t stop a malicious program from uploading your data somewhere else, or from encrypting it so that you can’t use it and holding you to ransom. Once the operating system is running and the drive is “unlocked”, your data is just as vulnerable whether the drive is encrypted or not, so you still need to be aware of other security advice, lock your devices when not in use and avoid risky behaviour.

What else should I know?

When you set up encryption, a recovery key will be generated. It is very important that this key is recorded and stored in a safe place. If you forget a password or need to read your storage media from another device due to a hardware failure, you will not be able to do so without this key. Conversely, if someone obtains access to both the key and your device they will be able to decrypt the data.
