A Guide to Securing Small Business Data by Encrypting it
One big problem facing UK small businesses these days is the data security risk, but how do businesses go about encrypting their data?
A recent report from the Federation of Small Businesses (FSB) suggested that, cumulatively, cyber crime was costing British businesses millions. When estimated down to a per-business level, the FSB worked out that cyber crime is costing every business around £4,000 every year.
The study prompted the FSB to produce a list of top ten tips to protect your business from cyber crime – you can read them at the foot of our news story.
But what about encryption of the data itself? Let’s say you have an important document containing some sensitive business data – it could be a list of passwords, employees’ or customers’ personal details or a list of all your suppliers. Whatever it is, if anyone finds this document on your PC, laptop or on a USB drive, then they can read it – this is a big problem with lost and stolen devices – you lose your data too and it can get into the wrong hands.
Now, if you encrypt that very same data then nobody will be able to read it but you. So, how exactly do you go about encrypting your business data?
Well, this is just one method that I use and I’ll share it with you here because it’s a simple and easy solution.
I use a free, open-source piece of software called TrueCrypt and here’s how you can use it too.
Go to the downloads section of the Truecrypt website and download the version of TrueCrypt suitable for your operating system.
Download and save the file and install it on all the machines that you will use to access your encrypted data.
Running the software for the first time you will be presented with a list of drives and some options. In this instance you will want to click “Create Volume”.
Presented with the “TrueCrypt Volume Creation Wizard”, for the sake of setting this up for the first time, select the “Create an encrypted file container” radio button and click “Next”
Leave the option “Standard TrueCrypt Volume” checked and click “Next”
Then, at the select a “volume location” window click “Select File” and navigate to create a file on your desktop; let’s type in the name “test” and click “Save”.
Ignore the encryption options for now, you can go back to and explore these later when you want to set up another/new volume; for now we are just testing so just click “Next”
In the “Volume Size” window leave the “MB” radio button checked and type in the size you want for the virtual drive – let’s say 2MB and click “Next”.
Now this is the important part – You should now be at the “Volume Password” window where you want to type in a password. If you are going to use this volume for real then you absolutely must remember the password – There are NO backdoors in TrueCrypt so you MUST remember your password. Type your password in and type it in again a second time to confirm it and then click “Next” and then finally click “Format” for your new volume.
It is now created and you can use TrueCrypt properly.
In the TrueCrypt main window, go to “Select Device”, navigate to where you saved your volume (For the purposes of this test it should be Desktop/test) and then click “Open”.
Then select the drive letter where you want the virtual drive to be located and then click “Mount”.
At the password prompt type in your password and hit “OK”.
You should now have a new “virtual drive” on your PC where you can now save your sensitive documents. When you are finished updating or using those documents, all you have to do is “Dismount” the drive and your data is safely “locked away” again.
To gain access to it again, just run the TrueCrypt software, “Select File”, choose a drive letter and “Mount” the drive. Then you can see and access all the files in your new, secure and encrypted drive.
Tips for Using TrueCrypt
Now that you have used TrueCrypt to produce your first encrypted drive, you can use or delete this as necessary. I’d suggest you don’t put anything sensitive in TrueCrypt until you’ve got the hang of it, but once you have, it is easy to use.
- Install the TrueCrypt program on ALL the machines/devices where you will be accessing your virtual drive. So, for instance, if your encrypted drive is on a USB drive, make sure that every machine where you will want to run that drive has a copy of TrueCrypt installed.
- REMEMBER the password for every encrypted drive you have – If you lose it, you lose access to that encrypted drive, so be VERY CAREFUL.
- If you are placing sensitive data in your encrypted device, it might be worth keeping backup copies of that data and that drive, just in case – If you lose a USB drive or a laptop with your encrypted drive on, you will lose all your data – So, whilst whoever finds your encrypted drive will not have access to your data, neither will you.
- Make sure that you create an encrypted drive big enough to store the files you need. A 2MB drive will soon fill with documents so you might want to create GigaByte drives or even create encrypted drives in partitions or full physical drives.
- Make sure your passwords are strong. For more information see our article Secure password advice for SMEs.
- Because TrueCrypt is free and open-source it is developed and provided at no cost. If you find TrueCrypt to meet your needs and continue to use it then consider making a donation to the TrueCrypt developers. This will enable them to continue to develop the software.
This business advice article on encrypting your sensitive data using trueCrypt was written by is4profit’s business editor Paul Mackenzie Ross