How to Protect the Data that is Stored on Your Devices
The Bottom Line
Threat actors who gain access to your device will be able to read, and potentially even manipulate, steal, or deny you access to any data on your device that is not encrypted. You could also permanently lose your data if your physical device is lost or stolen or stops working due to normal wear and tear or an accident like dropping it on a hard surface.
To reduce these risks, you should:
- Encrypt your computer, mobile device, hard drives or other removable media, and files.
- Back up your data to a secure external hard drive or properly vetted cloud service.
While encryption may sound like a daunting topic, the “solution” section will help to explain this process!
The Problem
Most people store important data directly on their laptop or desktop computer, an external hard drive, or removable media (like a thumb drive). If you don’t take proper steps to secure the data that you are storing on these devices, you increase the risk that a cyber threat actor will be able to access, read, and steal your data. In addition, if you don’t securely back up your data, you increase your risk of permanent data loss.
Here’s a brief and non-exhaustive overview of threat activity that could put your data at risk:
- Malware: If a threat actor succeeds in installing malicious code on your computer, it may be able to access, read, edit, or steal your stored data if you haven’t taken steps to secure it.
- Ransomware: Ransomware is a particular type of malware that threat actors use to deny a user or organization access to their devices and data. If you haven’t secured and backed up your stored data to a ransomware-resilient solution, the threat actor could use their ability to expose or manipulate your data as leverage to demand a ransom.
- Opportunistic stealing: Criminals might seize the opportunity to steal your device so they can sell it, particularly if it’s left unattended in a car, coffee shop, or other public area. If you haven’t backed up your data, it is permanently lost.
- Physical access: Unlike opportunistic criminals, threat actors that are interested in the information on a device for purposes of identity theft or developing a targeted cyber campaign might try to steal your laptop, external hard drive, thumb drive, or other removable storage media. If you haven’t properly secured the data on your devices, the threat actor may succeed in accessing the information stored on the stolen device.
FYI …
You may find that your encryption solutions give you an option for what encryption algorithm to use. While there may be multiple options, we recommend the one that the National Security Agency has authorized for use to protect U.S. government systems and data. This algorithm is the Advanced Encryption Standard (AES). It comes in three different forms: AES-128, AES-192, and AES-256. Although AES-256 is considered the most secure, all three forms are highly secure. For practical purposes, you may want to select AES-128 to make it easier for your device to process and run faster, especially if it is older, has low processing power, or “runs slow.”
The Solution
Frequently back up your data to reduce the risk of permanent data loss.
If you only store your data locally on your device, you should back up your data to an external hard drive or a properly vetted cloud service.
- If you use an external hard drive, store it in a safe place when you are not using it. Remember to frequently save backups to the drive. Avoid leaving the external drive connected when not actively backing up your data as the connection could be used by ransomware to gain access to the drive and delete or corrupt your backups.
- If you use cloud backup or storage, see Project Upskill Topic 4.3 for guidance on selecting a trustworthy cloud service and minimizing your cybersecurity risk.
- See step 1 below, under “First Things First,” for guidance on how to perform backups for each of the major operating systems (OS).
Ensure that you’ve implemented Project Upskill’s guidance to minimize your vulnerability to malware.
If you have been following along with Project Upskill, you should already be well on your way to protecting yourself against malware!
- Project Upskill Topic 1.0 will help you to ensure that you’re using a standard user account for everyday activity on your laptop or desktop computer.
- Project Upskill Topic 1.1 covers the importance of keeping your OS and software up to date.
- Project Upskill Topic 6.1 explains the importance of being vigilant of phishing attempts.
Encrypt the data stored on your devices.
Encryption prevents people from accessing or manipulating your data without authorization. You can encrypt a device (system encryption); removable media such as external hard drives, thumb drives, and SD cards (drive encryption); and actual documents and files (file encryption). By implementing all three encryption methods, you can strengthen your cybersecurity posture.
While encryption may sound like a daunting topic, setting up system encryption, drive encryption, and file encryption is not very difficult.
First Things First …
Before setting up these different types of encryption solutions, you need to take some steps to ensure that you don’t disrupt your access to your own data.
- Back up your data to a secure external drive or properly vetted cloud service.
  - Native OS backup services
    - Windows
      - Back up your Windows PC - Microsoft Support (Cloud) (Folders, Files, and System Settings)
      - How OneDrive safeguards your data in the cloud - Microsoft Support (for more information on how OneDrive security works)
    - macOS
      - Back up your Mac with Time Machine - Apple Support (External Hard Drive) (Content, Data, and Settings)
      - Add your Desktop and Documents files to iCloud Drive - Apple Support (Cloud) (Desktop and Files)
      - iCloud data security overview - Apple Support (for more information on how iCloud security works)
    - iOS
      - How to back up with iCloud - Apple Support (Cloud) (Content, Data, and Settings)
      - How to back up your iPhone, iPad, and iPod touch - Apple Support (Backup on a Mac or PC) (Content, Data, and Settings)
      - iCloud data security overview - Apple Support (for more information on how iCloud security works)
    - Android
      - Back up or restore data on your Android device - Android Help (google.com) (Cloud) (Content, Data, and Settings)
      - Back up your device - Android - Google One Help (for more information on how Google One security works)
- Select an encryption solution.
  - Your OS likely has built-in encryption software. (We’ll cover the native encryption solutions for Windows, Mac, Android, and iOS devices momentarily.)
  - You could also choose to use a third-party encryption solution, but do some research to ensure you’re selecting a reputable vendor. (See Project Upskill Topic 1.4 for guidance on vetting.)
  - Regardless of whether you choose a native or third-party encryption solution, carefully consult your solution’s instruction manual to understand the process for properly setting up encryption.
- Safely store your recovery key and password. Make sure you have a safe method for storing any recovery keys associated with your encrypted systems or files, as well as your password for unlocking the encryption. Losing this information can lead to permanent data loss.
- Initiate encryption. Start the encryption process only after backing up your data, understanding the encryption process instructions, and securing the recovery key and password.
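One way to confirm that the backup is complete before you initiate encryption, shown as an added example that is not part of the Project Upskill guidance: it hashes every file in a source folder and checks that the backup holds an identical copy. The folder names and file contents in `demo()` are constructed sample data, and `verify_backup` is a name chosen for this illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1024 * 1024):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def manifest(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_backup(source, backup):
    """Report source files that are missing from, or differ in, the backup."""
    src, dst = manifest(source), manifest(backup)
    missing = sorted(name for name in src if name not in dst)
    changed = sorted(name for name in src
                     if name in dst and src[name] != dst[name])
    return {"missing": missing, "changed": changed,
            "ok": not missing and not changed}

def demo():
    """Constructed sample: a source folder and an incomplete, damaged backup."""
    with tempfile.TemporaryDirectory() as tmp:
        source, backup = Path(tmp, "Documents"), Path(tmp, "backup")
        (source / "taxes").mkdir(parents=True)
        (backup / "taxes").mkdir(parents=True)
        (source / "notes.txt").write_text("meeting notes")
        (source / "taxes" / "2023.csv").write_text("income,100")
        (source / "photo.jpg").write_bytes(b"\xff\xd8 sample")
        (backup / "notes.txt").write_text("meeting notes")      # intact copy
        (backup / "taxes" / "2023.csv").write_text("income,1")  # truncated copy
        # photo.jpg was never copied to the backup
        return verify_backup(source, backup)

if __name__ == "__main__":
    result = demo()
    print("Backup complete, safe to start encryption" if result["ok"]
          else f"Do not encrypt yet: {result}")
```

The check only covers files present in the source folder; extra files in the backup are ignored, so older backed-up versions do not cause a failure.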
System Encryption: What is it and how do I set it up?
System encryption protects your device’s entire hard drive, including the OS. Practically speaking, when you use system encryption, your device is “locked” until the passphrase or password is entered to “unlock” it. Make sure to use a password that is long, random, and unique.
Here are links to instructions for how to set up system encryption for each of the major operating systems:
Windows
- To set up system encryption, see Turn on device encryption - Microsoft Support.
- To save a backup copy of your recovery key, see Back up your BitLocker recovery key - Microsoft Support.
- To find your recovery key, see Finding your BitLocker recovery key in Windows - Microsoft Support.
macOS
- To set up system encryption, see Protect data on your Mac with FileVault - Apple Support.
iOS
- To set up system encryption, see Set a passcode on iPhone - Apple Support.
Android
- On newer Android versions, the device will be encrypted automatically once you set a screen lock. See Set screen lock on an Android device - Android Help (google.com).
Drive Encryption: What is it and how do I set it up?
Drive encryption protects data stored on removable media, including external hard drives, thumb drives, and SD cards, from being accessed without authorization. This is important since these drives can often contain sensitive data and can be easier to lose due to their size.
Windows
- To encrypt removable drives while they are plugged into a device with a Windows operating system, refer to the “Turn on standard BitLocker encryption” section of this webpage: Turn on device encryption - Microsoft Support.
- To save a backup copy of your recovery key, see Back up your BitLocker recovery key - Microsoft Support.
- To find your recovery key, see Finding your BitLocker recovery key in Windows - Microsoft Support.
macOS
- To encrypt removable drives while they are plugged into a device with a macOS operating system, see Protect your Mac information with encryption - Apple Support.
File Encryption: What is it and how do I set it up?
File encryption prevents threat actors from accessing the contents of a document. Even though metadata like the file’s author and the time and date it was created will still be visible, you are protecting the content of the file when you implement file encryption.
Many applications, such as Microsoft Word and Excel, Apple Pages and Numbers, and Google Docs and Sheets, allow you to encrypt your files.
Windows
- Microsoft Word: How to password protect your Word documents – Microsoft 365
- Microsoft Excel: How to password protect your Excel workbooks – Everyday Life Hacks (microsoft.com)
macOS
- Apple Pages: Password-protect a Pages document on Mac - Apple Support
- Apple Numbers: Password-protect a Numbers spreadsheet on Mac - Apple Support
- Google Docs, Sheets, and Slides: Get started with encrypted files in Drive, Docs, Sheets & Slides - Computer - Google Drive Help
You can also use third-party software solutions, such as data compression software WinZip or 7-Zip, to encrypt multiple files at once in a compressed file container.
Takeaways
Do
- Protect yourself against malware by:
  - Using a standard user account for everyday activities (Project Upskill Topic 1.0).
  - Regularly updating your OS and software (Project Upskill Topic 1.1).
  - Being vigilant to phishing attempts (Project Upskill Topic 6.1).
- Back up your data to an external hard drive or a properly vetted cloud service.
- Encrypt all devices, hard drives, removable media, and relevant documents for enhanced security.
Do Not
- Encrypt your systems, drive, or documents without following these four safety rules:
  - Back up your data.
  - Select an encryption solution.
  - Secure your recovery key and password.
  - Initiate encryption.
Project Upskill is a product of the Joint Cyber Defense Collaborative.
Prerequisites
- Module 1: Basic Cybersecurity for Personal Computers and Mobile Devices
- Module 2: Protecting Your Accounts from Compromise
- Module 3: Protecting Data Stored on Your Devices