How To: Enable Hard Drive Encryption On Your Windows 10 Computer
3 min read
Encryption is the leading hot topic in the news and the workplace recently. Whether you understand the technology behind it or not, you should understand that protecting your personal data is important. Now in Windows 10 Pro and Enterprise Editions, sorry Home edition users, you can easily encrypt your hard drive with the built-in BitLocker.
What is encryption? Why is everyone making a big deal of it?
Encryption is the process of making readable information unreadable to unauthorized users. Even though you encrypt it, as the proper user, you can still read it and use it like you would any other day. If anyone else tries to read it or if you lose your laptop the data on the hard drive is protected from prying eyes.
Before you begin encrypting your hard drive it is highly recommended you backup your entire computer first in case there is a power interruption or other kind of failure during the encryption process. Also, if you installed Windows 10 on an older machine without the Trusted Platform Module (TPM 1.2) you may not be able to use BitLocker. To check if your computer has TPM open the Control Panel select BitLocker Drive Encryption then click on TPM Administration. If your computer does not have TPM you can still encrypt your harddrive through a different process that this post does not cover.
Enabling BitLocker is a fairly straight forward process, a few reboots and you are set.
NOTE – Once you enable BitLocker it is recommended that you turn off BitLocker when you do Windows upgrades (not the monthly updates), bios/firmware changes, or change hardware. Most users on laptops don’t need to worry about those things.
Open up File Explorer (My computer to the old school terminology) and Right Click on your hard drive, most likely C:, you will see an option Turn On BitLocker, click it.
You will be prompted for a password. This is very important to keep this password secure, if you lose this you lose your computer.
You now choose how and where you want to back up your recovery key. I would recommend to use the Microsoft account (if you have one). If not save it to something other than the computer you are going to encrypt, even print it off and place it in your safe/lock box. If you don’t have a safe or lock box you should get one.
Next you choose how much of your drive to encrypt. If it’s a brand new machine select Disk Space Only as you don’t have anything personal on it yet and the installed OS is not sensitive. If you have been using your computer for a while select Encrypt entire drive. Note – If you encrypt the whole drive this will take a long time. I recommend running this overnight and just let it do its thing. While it is encrypting you can still use your computer normally.
The next option is why type of encryption to use. If you are encrypting the local installed hard drive select New encryption mode if you are encrypting a USB that you will move from computer to computer select Compatible Mode.
After that you are ready to begin encrypting.
When it prompts you to restart, do so.
After the restart you will enter the password you set above, I hope you remember it.
The encryption process runs in the background. To check the status of the encryption open up File Explorer again and right click on the Local Disk (or the disk you chose to encrypt). Now you will see new BitLocker options, select Manage BitLocker.
You should see the status BitLocker Encrypting.
When the process is completed any content created and any communications will now be secured.
Binary Blogger has spent 20 years in the Information Security space currently providing security solutions and evangelism to clients. From early web application programming, system administration, senior management to enterprise consulting I provide practical security analysis and solutions to help companies and individuals figure out HOW to be secure every day.
Subscribe
Facebook Page
Follow Me On Twitter
contactme@binaryblogger.com
