USB peripherals (commonly known as “flash drives”), memory cards, and external hard drives all make backing up and sharing your data simple. And they are becoming more critical as modern-day schooling, work, and life are increasingly awash in data. But what happens if you lose or misplace one of these devices?
In many cases, the result is a damaging data breach. On Aug. 9, 2019, the New York City Fire Department had to notify over 10,000 patients because an FDNY employee had lost an external hard drive that contained seven years’ worth of medical records.
Data breaches like this can be avoided if you encrypt your USB peripherals and external storage devices. Even if you are not handling patients’ personal health information on your flash drive, you will want to keep it secure. Hackers can find a way to put even the most seemingly innocuous data to use for their malicious attacks. If you encrypt your flash drive, it is much more difficult for attackers to get unauthorized access to the data it contains, even if they steal it or you misplace it.
What is encryption?
Encryption uses a complex algorithm to convert a message into a string of characters that are illegible. This transformation is specified by the encryption key. This same key is then also used to convert data back into a legible format. (This is how symmetric-key cryptography works. We discuss this more below.) ProtonMail, for example, uses symmetric-key cryptography in the end-to-end encryption it applies to all emails exchanged between two ProtonMail users.
Encryption is broadly categorized into two types — symmetric (AES, Twofish, Triple DES) and asymmetric (RSA) — based on whether the encryption and decryption keys are the same. Asymmetric encryption uses a pair of keys: a public key, which you can share publicly and which others use to encrypt data for you, and a private key, which you must keep secret. You use your private key to decrypt data that was encrypted with your public key. As long as your private key is secret, your encryption system is safe.
Should I encrypt my hard drive?
If you are a business user or a company, compliance with data protection regulations such as the GDPR or HIPAA might be mandatory, meaning you’ll need to encrypt your data to avoid costly fines. Even if your company is not bound by these regulations, it is still essential to encrypt your USB peripherals to avoid a data breach, which could cause irreparable damage to your business.
You should encrypt your personal external storage devices as well, especially when your flash drive has files on it containing sensitive or personally identifiable information. This type of data includes private personal or business details, photos, identification cards, plaintext passwords, login credentials, and financial information.
In other words, if the data you have stored on your external drive is solely for your use, then you should encrypt it, full stop. Because these devices are small, they are prone to getting misplaced or stolen. Always encrypt such data, and remember to keep a backup as well. Needless to say, when you encrypt your hard drive, make sure you memorize your password or store it in a safe location.
How to encrypt your external hard drive
You have four main options when it comes to encrypting the data on your USB peripherals. You can:
- Encrypt each document individually using document processing programs
- Encrypt the entire external hard drive using an encryption system built into your device’s operating system
- Use a third-party encryption service to encrypt files or your hard drive
- Use a hardware-encrypted external hard drive
We discuss the advantages and disadvantages of each approach in more detail below. Except for hardware-encrypted USB peripherals, all of these encryption systems work on the premise that your document or flash drive cannot be accessed without entering the correct password.
File encryption using document processors
If you are specifically looking at encrypting documents or text files, you can use common document processing software like Adobe and Microsoft Word to directly encrypt your files. No one will be able to access the content of these individual documents without entering the preset password.
Hard drive encryption with operating systems
If you would like to encrypt your entire flash drive or USB peripheral, most modern operating systems (OS) including Windows, macOS, and Linux have built-in encryption tools that give you this option. For example, you can use BitLocker on Windows, FileVault on Mac, or LUKS on Linux to encrypt your flash drive.
The only limitation of this type of encryption is that it will not work across operating systems. If you encrypt your flash drive with BitLocker, you cannot use it on a macOS device unless you have the relevant software installed for the respective platform. To view BitLocker encrypted files on a Mac, you would need to install a separate program.
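The on-disk format is also what lets you audit whether a drive was actually encrypted with one of these tools. The following Python sketch is an added example (not from the original article): it classifies the first sector of a volume by the LUKS header magic or the BitLocker boot-sector OEM ID. The function names and sample headers are constructed for illustration, and formats without one of these two signatures (VeraCrypt volumes carry no header magic by design) are reported as unknown rather than as plaintext.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"        # first 6 bytes of a LUKS1/LUKS2 header
BITLOCKER_OEM_ID = b"-FVE-FS-"      # OEM ID at offset 3 of a BitLocker boot sector


def _cstr(raw: bytes) -> str:
    """Decode a NUL-padded fixed-width header field."""
    return raw.split(b"\x00", 1)[0].decode("ascii", "replace")


def identify_volume(header: bytes) -> dict:
    """Classify the first 512 bytes of a volume by its on-disk signature."""
    if len(header) < 512:
        raise ValueError("need at least the first 512 bytes of the volume")
    if header[:6] == LUKS_MAGIC:
        (version,) = struct.unpack(">H", header[6:8])
        info = {"format": f"LUKS{version}", "encrypted": True}
        if version == 1:
            # LUKS1 keeps cipher name/mode and key length in the header itself.
            (key_bytes,) = struct.unpack(">I", header[108:112])
            info["cipher"] = f"{_cstr(header[8:40])}-{_cstr(header[40:72])}"
            info["key_bits"] = key_bytes * 8
        return info
    if header[3:11] == BITLOCKER_OEM_ID:
        return {"format": "BitLocker", "encrypted": True}
    # No signature matched: unverified, not proof that the drive is plaintext.
    return {"format": "unknown", "encrypted": None}


def read_header(path: str) -> bytes:
    """Read the first sector of a device node or image file (needs read access)."""
    with open(path, "rb") as f:
        return f.read(512)


# Constructed sample headers (not captured from real drives).
SAMPLE_LUKS1 = (LUKS_MAGIC + struct.pack(">H", 1)
                + b"aes".ljust(32, b"\x00") + b"xts-plain64".ljust(32, b"\x00")
                + b"sha256".ljust(32, b"\x00") + struct.pack(">II", 4096, 64)
                ).ljust(512, b"\x00")
SAMPLE_BITLOCKER = (b"\xeb\x58\x90" + BITLOCKER_OEM_ID).ljust(512, b"\x00")
SAMPLE_FAT32 = (b"\xeb\x58\x90" + b"MSDOS5.0").ljust(512, b"\x00")

if __name__ == "__main__":
    for name, hdr in [("luks1", SAMPLE_LUKS1), ("bitlocker", SAMPLE_BITLOCKER),
                      ("fat32", SAMPLE_FAT32)]:
        print(name, identify_volume(hdr))
```

To check a real drive, pass the partition's device node or an image file to `read_header` and feed the result to `identify_volume`; an "unknown" result means the drive needs a closer look, not that it is unencrypted.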
However, if you want to password-protect all the contents on your drive for enhanced security, here’s how you can go about it:
Third-party hard drive encryption software
Another way to encrypt your data is to use third-party encryption software. VeraCrypt and AES Crypt both offer AES-256 encryption, an industry standard for security. Both solutions are also free and open source software (or, in VeraCrypt’s case, source-available software), which is important because it allows you to verify that a program does exactly what it claims by looking at its source code.
One key difference is that VeraCrypt is used to encrypt the entire USB peripheral (as well as your device’s hard drive), while AES Crypt is used to encrypt individual files. This makes AES Crypt ideal for encrypting documents that are being secured on non-end-to-end encrypted cloud storage services (such as Dropbox or Google Drive). However, you can still encrypt individual files and store them on your flash drive as well.
These tools can sometimes be platform specific, so you will need to be sure about where you intend to access the data before you proceed to encrypt it.
VeraCrypt: Available on Windows, macOS, and Linux.
AES Crypt: Available for Windows, macOS, and Linux. Third-party versions are available for Android and iOS. The Android app is open source, but the iOS app is not.
Hard drives with hardware-based encryption
These devices generally use a combination of software and hardware-based encryption, which, in some cases, requires setting a passcode on a physical keypad to protect your data. But they also rely on proprietary code which can make it extremely difficult to verify their security claims. For any hardware-based encryption solution, it is impossible to verify whether the device has a backdoor. This is true of any hardware. For this reason, it is important you only purchase hardware from vendors or brands that you trust.
It is important to note that no encryption system is foolproof. You should pay attention to the latest news to ensure the encryption you have used remains secure. Hackers have developed some attacks against BitLocker, in particular, but they are generally not simple to implement.
However, this does not change the fact that encryption is not only easy to implement on your USB peripheral, but it is also an essential part of protecting your data. By properly implementing encryption on your hard drives and USB peripherals, you reduce the chances of suffering from various kinds of fraud, including identity theft and illegal financial transactions.
How to secure your files on the cloud
A final word on encrypted file storage:
It is often recommended to back up your files both physically, on external hard drives or USBs, and on online servers, otherwise known as “the cloud.” Whether it is Dropbox, Google Drive, or iCloud, you’ve probably already used a cloud-based storage system. These tools make it easy to store and access your files from anywhere.
Saving files to the cloud eliminates the risk of you misplacing or losing your USB peripheral. As long as you have an Internet connection and remember your password, you’ll be able to access your files. However, not all cloud storage services protect your privacy. Most major cloud services encrypt your files in transit but retain your encryption keys, which means they can access your files at any time. This also makes these services more susceptible to data breaches.
ProtonDrive, Proton’s upcoming cloud storage option, helps mitigate the effects of data breaches by using end-to-end encryption. This means your files are encrypted on your device before they are sent to our servers, and only you have the ability to decrypt them. Therefore, even if our servers were somehow accessed, no one, not even Proton, would be able to access the files.
You can learn more about this security architecture in our ProtonDrive security model. The ProtonDrive beta will begin later this year.