How to Encrypt Your Files and Why You Should

Make your data unreadable and unusable...until the password is provided

Keyboard showing a key with a lock symbol on it

 Kizilkayaphotos/E+/Getty Images

by Andy O'Donnell
A senior security engineer who is active in internet and network security.
Updated July 01, 2019

When files are encrypted, they're scrambled to the point that they're unusable unless they can be decrypted, which is usually only possible with specific software and knowledge of the same password used for encryption.

You might encrypt your files if you keep sensitive information that you need to keep private. Maybe you have critical bank information or tax documents, or photos and other documents that, if stolen, could end in identity theft or other problems.

However, not everyone needs to use encryption. It's often slow to encrypt large files or a large number of files, and it's only really useful for data you aren't accessing every day.

Do You Need Encryption?

We've all seen stories in the news, where someone's laptop was stolen from them that had a million social security numbers on it or unencrypted bank information stored on it. None of us want to be in that situation, whether it's data that belongs to other people or files that are our own.

If you don't store information like that on your computer, then you don't need to use encryption. It's really only relevant to people who are concerned about data breaches, like if they fear that someone will steal their flash drive full of online user account passwords, or their laptop with private photos, or maybe even their desktop computer that had previously been infected with malware that copied their data over a malicious remote access program.

Regardless of why you want to encrypt your data, the process is almost identical in all software: choose what to encrypt and then decide how to secure it (with a password, key file, special USB device, etc.).

There are two ways to encrypt your data. You can use encryption on the entire hard drive, or on a section of your hard drive, so that anything within that encrypted space is, of course, encrypted. The other way is to encrypt particular files, one at a time.

Encrypt the Whole Hard Drive

Your operating system does not encrypt your files automatically unless you've turned on disk encryption options like Bitlocker (Windows) or FileVault (Mac). File storage encryption is usually turned off by default.

There are plenty of free disk encryption programs that you can install right now to encrypt everything on your computer—the whole OS, all of your videos, documents, pictures, etc. They work by forcing a user to provide the decryption password before the operating system loads.

Some of them, like VeraCrypt, can isolate an entirely different version of Windows within the encrypted disk. This lets you enter two different passwords when your computer boots — one takes you to your regular OS and the other takes you to a version of the operating system that doesn't have any sensitive information. The purpose of this is to give you a safe way out of a situation where someone is forcing you to reveal the decryption password.

TrueCrypt is a great option for individual PCs, but if you manage a large number of computers that need whole disk encryption, you may want to check into McAfee's Complete Data Protection. McAfee offers both PC and Mac whole disk encryption that can be centrally managed by their ePolicy Orchestrator (ePO) platform.

Other disk encryption programs are useful for building an encrypted file container, which is like a folder or virtual hard drive that stores sensitive files. It can be decrypted to view the files and to add or remove data, and then just as easily encrypted to protect them. This type of encrypted drive is stored on a hard drive but doesn't encrypt the entire disk.

Encrypt Specific Files

If you just need to encrypt certain files and not the entire computer, you can do that, too. There are lots of freeware programs that support file encryption, so we'll name just a few.

One really popular way to encrypt single files is with AxCrypt. It changes the file extension to have the AXX suffix, and the file can only be opened with AxCrypt if you provide the password used to encrypt it. You can encrypt files on a Windows or Mac computer and even view them on your phone or tablet with the AxCrypt mobile apps.

7-Zip is another file encryption application that has more than one use. Its primary purpose is for extracting files from formats like ZIP, 7Z, RAR, ISO, etc. However, it can also make new compressed files, and when you do that, you have the option to encrypt the file names and protect the whole archive with a password.