With the most useful user and group creation and authorisation to file sharing from local to whole network, Windows does a great job managing all of these with just little knowledge. What question then arises is, how protected these data are? Is authentication and authorisation enough? The answer is no. They don’t confirm a heavy layer of security but put some good guards at the gate.
If anyone manages to pass through the gate, then what?
Windows built-in encryption
This is where the Windows built-in encryption comes in play and provides a heavy layer of security. One of the scenarios you can think of, by now as you know that how much a powerful administrator account is and how they can override any authorisation from any account by claiming ownership. Well, this is all good and feel top of the chain if you have the administrator permission. Yet, what if you are one of the standard users who does not have such an administrator permission and want to keep your data private? This is where you can put this encryption to lock you files and documents, where you can constantly disappoint administrators.
Three options for encryption
If you have the encryption option available to you or not depend solely on the kind of Windows version you are using. That can range from none to three options for data encryption. For the people using Windows Home version they have to let go of this with a sigh. For the Advanced Edition Windows users, are freely available to use this heavy security feature called Encryption File System or EFS. For the people with the most advanced edition of Windows, they have the option to totally encrypt a whole drive through BitLocker.
The Encryption file system
With the Encryption file system, you are easily able to encrypt any files, documents even folders. This encryption is pretty easy to implement. The easiest way to do so, right-click on the file or folder you want to encrypt, select properties. In the box, look for the advanced tab, which should be somewhere in the bottom part of the box. There you will see several of useful options. The most interesting part is at the bottom for our purpose here.
Look for a checkbox that says, “encrypt content to secure data”. This is where the locker resides. Click OK and proceed through closing boxes with OK. For the properties box too. With this, you will be encrypting your files and folders from anyone other than your own account. The only way anybody can get access is if they have your account pass.
The risks of encrypting your data on Windows
One of the core risk factor here you should think before encrypting your data is, your account password is the key here. If you lose your password, do not recall or worse, if the administrator resets your password, you are absolutely doomed and the file is ever locked and lost in the world of data of unique numbers and characters. This is not it, another risk factor is, if your system dies for any reason, you try to plug-in the hard drive any other Windows system, there is still no way you can have access to the data. This is because, the encryption implemented lies only in the specific Windows installation that you have or had in the system during the file encryption.
So this is one of the core risk factor you need to remember before you happily go around encrypting every possible data or worse the whole hard drive.
Another primary thing to notice that, by any chance you are moving or copying you encrypted file to any other hard disk that is NOT a NTFS drive, you will immediately be prompted with a notification saying the encryption won’t be applied to the file. Remember this is because the whole advanced security in Windows come in for NTFS formatted drive.
One of the solution you can implement is, make a copy of the data before you encrypt and store it in the cloud storage. This way you will always have a copy of the file in case you get caught under one of these risk factors.