Numerous high-profile events in 2017 and early 2018 have made it abundantly clear that all enterprises and government agencies are responsible and liable for the protection of personal data collected from customers and clients—no exceptions. New regulations, such as the GDPR, which goes into effect May 25, 2018, will back those expectations of protection with substantial penalties and fines for the noncompliance.
To avoid potential fines, organizations need to demonstrate initiative by establishing measurable security protocols that protect collected personal data. One of most common methods for protecting stored data is encryption.
The software required to encrypt files and hard drives is readily available and is often offered for free or at low cost. Therefore, the establishment of an encryption protocol for your enterprise does not have to incur a large outlay of resources. The five encryption applications listed in this article are all free to use and perform their function using the highest industry-standard encryption algorithms available.
Some of the applications in this list will encrypt an entire hard drive, operating system and all. That means you will have to know the password or have a USB drive with the password file on it to access the system. Other applications will allow you to encrypt a single file or folder, if you prefer. The operational difference is important to keep in mind as you evaluate each app.
SEE: EU General Data Protection Regulation (GDPR) policy (Tech Pro Research)
1. BitLocker Device Encryption
Since the BitLocker Device Encryption software is integrated directly into Microsoft Windows 10, it is probably the most obvious application on this list. You will find the BitLocker app in the Control Panel, but the best way to get to the management screen is by typing bitlocker into the Cortana search box.
BitLocker is designed to work best with a computer or device deployed with a Trusted Platform Module (TPM) version 1.2 or later. The TPM is a hardware component that works with BitLocker to help protect user data and to ensure that a computer has not been tampered with while the system was offline. Older devices with no TPM can still use BitLocker, but users will need access to a USB drive that will act as a key to the system.
BitLocker encrypts the entire disk drive and not individual files or folders. This app works best for protecting entire PCs and devices with encrypted and secured access. BitLocker uses an AES encryption algorithm with both 128-bit and 256-bit keys. Obviously, it is restricted to use in the Windows operating system.
SEE: Essential reading for IT leaders: 10 books on cybersecurity (free TechRepublic PDF)
2. FileVault 2
Similar to BitLocker, FileVault 2 is a full-disk encryption tool; however, it is limited to use on OS X Lion or later. The app prevents unauthorized access to the information on an OS X device’s startup disk using an XTS-AES-128-bit algorithm with a 256-bit key.
To turn on FileVault, navigate to the System Preferences screen and click the Security & Privacy link. Of course, you will have to enter an administrator name and password to complete the process. Once the encryption is complete, FileVault will require you to log in every time your Mac starts up, and no account will be permitted to log in automatically.
SEE: Special report: A winning strategy for cybersecurity (free TechRepublic PDF)
VeraCrypt is an open source application based on the now abandoned TrueCrypt 7.1. Like BitLocker and FileVault, VeraCrypt is designed as a complete drive or partition encryption tool and not for the encryption of individual files or folders.
The software creates a virtual encrypted disk within a file and then mounts that file as a usable disk drive or USB drive. The encryption is automatic and performed on the fly so the drive acts like a normal storage device.
Since VeraCrypt is an open source project, its documentation is a bit sparse—and it’s cryptic at best. While this application does use advanced encryption protocols and keys to create an additional level of security, it is best deployed by professionals or users with advanced skills.
SEE: How to encrypt a USB flash drive with VeraCrypt (TechRepublic)
Unlike the previous applications in this list, AxCrypt is designed to be used for encrypting individual files or folders. AxCrypt integrates directly into the file explorer system of either Windows or OS X, making encryption as simple as clicking the right choice from a menu. The application can also be downloaded and installed on a mobile device.
AxCrypt also uses the same AES encryption algorithms with 128-bit and 256-bit keys as the other applications. In addition to integrating with system file explorer apps in Windows and OS X, AxCrypt integrates with cloud-based storage apps like DropBox and Google Drive, making it a flexible encryption application.
SEE: Encryption policy (Tech Pro Research)
AESCrypt is also designed to be used as an encryption tool for individual files and folders. The application integrates directly into the file explorer systems of Windows, OS X, and Linux. AESCrypt can support developers working in programming languages like Java and C# as well.
AESCrypt is an open source project and it uses the AES encryption algorithm and 128-bit and 256-bit keys. The documentation for AESCrypt clearly states that the software can be used for business purposes as well as personal ones.
This is important to keep in mind no matter which tool you choose to use for your encryption needs: Encryption, whether an entire hard drive or just a single file, requires the use of a strong password. Once encryption takes place, that file or hard drive can’t be accessed without providing that password. So be careful what you encrypt and make sure you use a password you can remember.