One option you might entertain is encrypting your whole hard drive. If you have a business-oriented laptop, your computer might have a TPM module. In this case, you can probably just use BitLocker, which comes with Windows. This will stop a thief from removing your hard drive, attaching it to another computer and then reading the contents.
What if you don’t have a TPM module? Or what if you want more protection than that? Again, I’ll reference the free, open-source product TrueCrypt. You can use this product to encrypt your hard drive.
This will encrypt the contents of the drive, and it will also prompt you on boot-up to put in a password.
PLEASE NOTE: You MUST have a DVD burner and an empty DVD. This process requires that you create a rescue disk and TESTS that rescue disk before it encrypts your drive. You cannot do this process with a DVD burner.
STEP 1: Backup your data
Make sure you have a rock-solid backup of your data. You are about to mess with your hard drive, so there is an off-chance that something could go wrong. You are best-served to back everything up!
STEP 2: No, seriously. Backup your data!
I’m not kidding, there were two instances where I lost my hard drive in the process of this (and changing some settings). It’s not likely this will happen to you, but it’s possible.
You are messing with the guts of your hard drive, you could lose it all, so seriously, back up your data!
STEP 3: Download and Install TrueCrypt
Go to http://www.truecrypt.org and download the latest version.
STEP 4: Figure out a good password
Electronic security is only as good as the password, so picking a good password is critical.
when you click next, this is the most important screen of all – the password. If you have a weak password, then this whole effort will be wasted! Again, take a look at Picking a good password before continuing:
next, you move your mouse around so it can get a really good random seed – and click Next:
after this step it will prompt you to create your recovery disk – and verify the recovery disk. After that, you specify the Wipe Mode:
I’d encourage you to read up on this – this is how the encryption process will handle deleted files. After this, it will do a “pre-test”, where it makes sure that it can modify the boot sector of your boot disk. When you reboot, you will see a prompt like this – this is where you put in your password from the step above:
Windows should then boot normally. When you log back in, you should see this pop up:
When you click “Encrypt”, this will start to encrypt your drive. This takes a LOOONG time – typically hours, depending on your hard drive.
I’m doing this on a VM that has a small, virtual SSD for a hard drive, so it is showing 43 minutes, but I don’t think that’s typical.
When complete, you reboot. Now, every time you boot your computer, you will see that boot screen where you put in your password, and from that point on – your computer should work like normal – except now everything on the hard drive is encrypted.
What did you gain from all of this? Well, someone would need to break your drive encryption password, just to be able to get to a Windows prompt. And, if you take this drive out and try to connect it to another device, it will basically be unreadable. So, this is a pretty solid way to keep your drive safe from the average attacker, and beyond.