How to use encryption to secure your data

If you don't have access to BitLocker, don't worry. TrueCrypt is a free open-source alternative. It enables you to encrypt entire volumes, including your system partition and also flash drives. You can also use the tool to create encrypted containers, inside which you can store sensitive files and folders. You can even hide sensitive containers or partitions from view – the 'Hidden Drives' box on the previous page reveals more about this option.

Download and install the program from here. Launch TrueCrypt and click 'Create Volume'. To encrypt the partition containing Windows, select 'Encrypt the system partition or entire system drive' and then click 'Next'.

The wizard is straightforward to follow – step one gives you a choice between a normal or hidden operating system. You can then elect to encrypt the partition on which Windows resides or the entire physical drive that it resides on.


If you choose the latter, you'll be given the option of leaving any hidden data at the end of the drive unencrypted – this includes any recovery partition that might be present. You'll also be asked if the drive you're encrypting is a dual-boot setup.

TrueCrypt won't be able to encrypt entire drives containing two or more operating system partitions, so it will ask you questions to confirm this before refusing to go any further.

Next, choose your encryption method and then pick your password. You'll need to enter this every time you boot your PC, so make sure it's something only you know, but won't forget. The usual rules apply: try a mix of letters and numbers, and avoid words that feature in the dictionary.

If you can, create a password that's more than 20 characters long. The keys are then generated. The last step prior to actually encrypting your drive is to create a rescue CD, which you'll need should the drive or boot sector corrupt. (Be warned, though: this is no substitute for remembering your password.) You'll then be given an option to securely wipe free space for additional security.

Following that, a pre-test will happen. This verifies that the computer can be booted successfully before encryption takes place. Once this has completed, click 'Encrypt' and let TrueCrypt do its stuff.

The process for non-system partitions and drives (including flash drives) is similar – just select 'Encrypt a non-system partition/ drive' from the Volume Creation Wizard and follow the steps.

Encrypt your files

Encrypting your whole drive might seem like overkill if you only have a handful of sensitive files and folders to protect. Alternatively, you might feel that your data is still vulnerable – after all, when you're logged on, everything is accessible.

Once again, TrueCrypt rides to the rescue with encrypted containers. These are encrypted files inside which your data is stored on a special volume that's assigned its own drive letter when mounted in TrueCrypt, enabling you to use it like any other drive.

TrueCrypt files

It adds an extra layer of security to your files in that you only mount it when you need to access it, and by remembering to unmount the drive when you've finished you can safely leave your PC on and logged in, secure in the knowledge that those files are inaccessible.

Secure your flash drive

Flash drives may have changed the way we transport data, but they're particularly vulnerable to data theft. That's why Microsoft developed BitLocker to Go, which enables you to encrypt your flash drive in the same way that you'd encrypt a drive in Windows.

Once done, you have to enter a password to use your drive. As BitLocker to Go is only available in Windows 7, Microsoft has developed a BitLocker to Go reader that enables you to read the drive's contents in Vista SP2 or XP SP3 – get it here.

BitLocker to Go isn't quite as portable as it could be, particularly if you're at someone else's computer and they don't want you cluttering up their drive. Once again, alternatives are available.

We've touched on how TrueCrypt can be used to encrypt your flash drive – the downside is that this can then only be used on a PC running TrueCrypt. So if you want to be able to access the drive from any computer without having to install TrueCrypt, we suggest going down the encrypted container route.

This means leaving enough free space on the drive to install a portable version of TrueCrypt (use the same set-up file you used to install it on your PC). You can then access the container on any PC without having to install TrueCrypt on that machine.

There's one drawback to using TrueCrypt in this way. It only works in administrator accounts, so if you think you'll need access to the drive while logged on as a standard user, take a look at Rohos Mini Drive instead.


The free version only supports up to 2GB file containers, but it works perfectly in standard user accounts. Get it from here. The set-up wizard does all the work for you, but note that it only creates a 500MB drive by default, so be sure to change this setting when prompted.