Wednesday, April 19, 2006

Keeping Your Computer Friendly -- Step 5: Encrypt Your Files

At this point you've done everything you can to protect your computer and wireless network from unauthorized access. Everything is secure, we're feeling good.

But we're not quite done if you're running Windows XP Pro and chose the NTFS file system (hopefully you did because it's more secure and more flexible than the FAT32 file system).

What happens when you take your computer, desktop or laptop, down to the local computer repair store to have a new video card added, a new hard drive or modem, or if you take your laptop with you when you travel and it is lost or stolen, or if someone breaks into your house and makes off with your computer?

All of your personal information stored on the computer is vulnerable to prying eyes unless your files are encrypted. Any files which contain your personal financial data (Microsoft Money, Quicken, files which hold account numbers and passwords, tax returns, etc.) should be encrypted, along with any other files you wouldn't want posted on the internet for anyone to see.

I don't encrypt all of my files, but I do encrypt those which, if in the wrong hands, could make my life (and my credit report) miserable.

Encrypting files is incredibly easy with Windows XP Pro . You can encrypt individual files or entire directories (so any file in that directory would be encrypted as well). I recommend encrypting at the directory level so any file added to that directory will be encrypted as well.

To encrypt a file or directory:
  • Right click on the file or directory
  • Select Properties
  • Select Advanced from the General tab
  • Check the box which says "Encrypt contents to secure data".

If you are encrypting individual files (and you can select more than one file at a time in a directory to encrypt them all at once) you will be prompted whether to encrypt the file and it's parent directory, or just the file.

The main difference you will notice when a file is encrypted is it's name is green in Explorer. Otherwise you won't notice anything as you open/close/save files -- the encryption/decryption process is automatic.

There are two more very important steps to take -- backup your encryption key and create a recovery agent. If your operating system is ever reinstalled, or your username is deleted and then readded (even if the same name is used), your existing key will be useless to decrypt your files.

It would take too much space to show the details for these two steps, but an excellent 5-part guide to everything you need to do can be found at Windows XP Pro: Using File Encryption . Highly recommended reading (and doing).

No comments: