How to Use Encryption for Sensitive Files
Encryption scrambles your data so only authorised users can read it. Whether you're protecting business documents, personal records, or financial information, encryption is essential.
Overview
There are two main types: full-disk encryption (protects everything on your drive) and file-level encryption (protects individual files or folders). Both have their place.
Step 1: Windows Encryption
Windows offers BitLocker (full disk) and EFS (file-level) encryption.
Enable BitLocker Full Disk Encryption
- Open Control Panel → System and Security → BitLocker Drive Encryption
- Click 'Turn on BitLocker' for your system drive
- Choose how to unlock: password, USB key, or TPM (recommended)
- Save recovery key to Microsoft account, USB drive, or print it
- Choose 'Encrypt entire drive' for best security
- Select 'New encryption mode' for fixed drives
- Click 'Start encrypting' — process runs in background
SAVE YOUR RECOVERY KEY. If you lose it and forget your password, your data is permanently inaccessible.
Encrypt Individual Folders (EFS)
- Right-click folder → Properties → Advanced
- Check 'Encrypt contents to secure data' → OK → Apply
- Choose 'Apply changes to this folder, subfolders and files'
- Back up your encryption certificate when prompted
- Encrypted files show a lock icon or green text
Use 7-Zip for Encrypted Archives
- Download 7-Zip from 7-zip.org (free, open source)
- Right-click files → 7-Zip → Add to archive
- Set Archive format to '7z'
- Under Encryption, enter a strong password
- Set Encryption method to 'AES-256'
- Check 'Encrypt file names' for maximum security
7-Zip AES-256 encrypted archives are extremely secure and can be shared safely via email or cloud storage.
Step 2: Mac Encryption
macOS includes FileVault for full-disk encryption and built-in tools for file encryption.
Enable FileVault
- System Settings → Privacy & Security → FileVault
- Click 'Turn On FileVault'
- Choose recovery method: iCloud account or recovery key
- Write down recovery key and store it safely
- Encryption begins immediately and runs in background
- Mac remains usable during encryption
Create Encrypted Disk Images
- Open Disk Utility (Applications → Utilities)
- File → New Image → Blank Image
- Set name and size for the encrypted container
- Choose '256-bit AES encryption'
- Set a strong password
- Files placed in this disk image are automatically encrypted
Encrypt Files with ZIP
- Open Terminal
- Type: zip -e encrypted.zip file1.txt file2.pdf
- Enter and verify password when prompted
- Encrypted ZIP file created in current directory
- Works for sharing encrypted files cross-platform
Step 3: Encryption Best Practices
Make encryption effective with these practices.
Password Management
- Use long, unique passwords for encrypted files (12+ characters)
- Never reuse encryption passwords across different archives
- Use a password manager to store encryption passwords
- Document which files are encrypted and where keys are stored
What to Encrypt
- Financial documents: tax returns, bank statements, invoices
- Personal records: passport scans, medical records, insurance
- Business documents: contracts, client data, HR records
- Passwords and access credentials
- Anything you wouldn't want public if your device was stolen
Need Professional Help?
Our engineers provide expert assistance with setup, troubleshooting, and ongoing support for businesses and individuals across Cornwall.