Encrypting your devices with Windows BitLocker
If your PC or laptop were lost or stolen, you'd immediately be worried about the cost of replacing it. But that's nothing compared to what you or your organisation could stand to lose if someone had easy access to the data held on your device. Even if someone can't sign in using your Windows user account (because they don’t know your username and password), an experienced thief could still boot your PC or laptop from a removable device and then be able to browse the contents of the hard disk, seeing all the data and documents saved there.
The General Data Protecton Regulation (GDPR) requires you to implement appropriate technical and organisational measures to ensure you process personal data securely. Article 32 includes encryption as an example of an appropriate technical measure, depending on the nature and risks of your processing activities.
If your devices store personal data, the most effective way to mitigate against the risk of unauthorised access, is to ensure that your entire device is encrypted so that its contents are only accessible to you or someone with the encryption recovery key.
The Information Commissioner provides further information about encryption on the ICO website and below we provide information about using Windows encryption software.
What is Disk Encryption?
Encryption is basically the process of making any type of data unreadable by anyone who doesn’t have the proper authorisation. Disk encryption will scramble the data held on e.g. your laptop’s hard disk and can only be unscrambled by users who have the right unique encryption key to make the data readable again.
Disk encryption is designed to protect data by providing encryption for entire volumes of the system drive/s in your PC or laptop, a separate fixed drive or other removable media, such as a USB memory stick, external hard drives or a memory card, thereby securing both your existing files and any empty space where you would save future files.
In the past there were a number of open source encryption tools available, the most popular of these was TrueCrypt. However since 2014, the program ceased being developed and is now considered insecure. Although there are alternatives, these tools are difficult to use for the non-technical user.
Fortunately, Microsoft has introduced its own encryption tool built into its Windows Operating system professional versions, called BitLocker. BitLocker is available in the following versions of Windows:
- Windows Vista and Windows 7 Ultimate and Enterprise editions
- Windows 8.0/8.1 Pro and Enterprise edition
- Windows 10 Pro, Enterprise and Education editions
Unfortunately, Windows Home and Starter versions do not include the BitLocker encryption functionality – but remember, if you are a registered charity, you can access heavily discounted Windows OS upgrades via Tech Trust.
Why should I use BitLocker?
BitLocker is Microsoft’s “easy-to-use” encryption tool and has been recommended as assured data-at-rest protection by the UK government’s National Cyber Security Centre for Windows 7, Windows 8/8.1, and Windows 10.
Minimising the recoverability of data, so that only authorised persons can access data, limits the risk to an organisation of a lost or stolen laptop computer or portable storage device and as mentioned previously, is an expectation under GDPR that you have mitigated this risk if you are storing personal data which could result in harm to the individual if it fell into the wrong hands.
If a portable computer is protected by BitLocker, you can be almost certain that any data hosted on that misplaced computer will be inaccessible to unauthorised third parties.
How to encrypt your devices
We have put together a downloadable Step by Step sheet taking you through the process - both for PCs and removable disks, including screen shots and guidance.
For further information - please see Microsoft’s official BitLocker FAQ whihc includes quick answers to general questions covering all things BitLocker.