Encryption is one of the best ways to prevent unauthorized access to your important data. Whether it's your work laptop, personal laptop, or even home desktop, encrypting your storage drive can make it next to impossible for someone to view your sensitive information by stealing your device or drive, or by gaining access to it virtually.

Many users prefer to encrypt their entire storage drive, considering it one of the simplest and most effective encryption methods, but it's possible that you don't need to do that. It might not even be as effective as you think. Let's get into 5 reasons why you might want to consider other encryption methods, or other forms of security entirely.

Related Do you need to encrypt your NAS? Encrypting your NAS can provide enhanced security, but do you really need to do it?

5 OS encryption might already be active on your device

Most popular operating systems have built-in encryption

If you're thinking about encryption, chances are that you're already using your operating system's built-in encryption. Windows, macOS, and Linux (Ubuntu) all have their own versions of device encryption, with which some or all of your drives can be encrypted. Your professional laptop is likely to have it enabled already, and on your personal device, you can choose whether to encrypt a single drive or the entire device.

Windows uses BitLocker, macOS has FileVault, and Ubuntu uses LUKS. It's turned on by default on macOS, whereas on Windows and Linux, you might need to enable it during the initial setup or later in the settings. When you already have built-in encryption in your operating system, looking for other encryption methods to safeguard your data is not worth the effort for the majority of users. Unless you have a business that deals with sensitive or confidential data, built-in OS encryption should be enough.

These encryption methods require you to enter a single decryption key while you log on to the system, allowing you access to the entirety of your drive or drives. For most users, this seamless drive-level encryption is enough to protect against device theft. Even if someone gains access to your PC, they won't be able to access any of your data without knowing the decryption key. Of course, this also means that if you lose your decryption key, you'll lose all of your data. So, make sure to treat your decryption key with the utmost safety, and store it somewhere only you can find it - and somewhere you most certainly will be able to find it, if you forget your passkey.

4 You can encrypt drive volumes or files instead

Full drive encryption can be inferior

The way full drive encryption or FDE works is by using a single point of security for the entire drive. Once you enter your decryption key on your device at startup, the entire drive is decrypted to allow you to use the system as you please. What this also does is expose the entirety of your data to virtual threat actors. You never know who might be lurking around on your network, waiting for the right time to access your unprotected data.

Your device might be physically safe, but any hackers present on your network can still access the whole of your drive contents as they are no longer encrypted. In contrast, if you choose to encrypt only a specific volume or files and folders (the ones that you can't afford to lose), then any online attackers will not be able to view those contents without the respective decryption keys.

This kind of granular control allows you to continue using the rest of your system without worrying about virtual threats (at least for your sensitive data), considering those particular volumes or folders remain encrypted even when you are logged into your system and are using it as you want.

Related How to encrypt a folder on a Mac using Disk Utility If you are wondering how you can encrypt or password-protect a folder on Mac, the built-in macOS Disk Utility can help you with that.

3 File and folder encryption is more convenient on a shared device

Your home computer need not be blocked completely

Source: Mockup.Photos

Another major benefit of encrypting individual volumes or files instead of the entire drive is that you can be more confident giving access to other family members or friends. You no longer need to worry about whether they will intentionally or inadvertently access folders that they shouldn't, which is what could happen if your device is only protected by a single drive-level encryption that goes away as soon as you log on.

The use case for this kind of arrangement might be rare, considering you also have the option of not storing any sensitive data on a shared device, but if that isn't an option, folder or volume-level encryption comes in handy. Of course, the basic rules of encryption still apply — you can't afford to forget your decryption key or keys, otherwise, you will yourself lose access to your crucial data.

One thing to be wary of when encrypting only specific volumes or folders is that your operating system might store related temporary data in other unencrypted locations on the drive. This could defeat the purpose of the granular control you implemented, and expose your confidential information to anyone who knows where to look for it.

Related 4 ways to secure your important notes Essential strategies for keeping your digital notes safe

2 Encryption will not protect you against a determined attacker

There are always ways to get around encryption

Source: Unsplash

Despite attempts to protect against various threat actors (physical or virtual), you can never be 100% sure that encryption alone will magically keep your information safe. Someone who is pretty determined to steal your financial or sensitive information will find a way to access it.

They might secretly install keyloggers on your device to discover your decryption key, steal the device itself while it's in a decrypted state, or utilize advanced code-breaking techniques to bypass the encryption entirely. A hacker could also choose to ignore your primary device in favor of unencrypted backups. Considering many people only think about encrypting their main computer and forget about doing the same for backups, this is a valid strategy for any determined hacker.

This is not to say that encryption is useless. It certainly provides an added layer of security to your device, but believing that it is foolproof against all kinds of attacks can make you complacent and discount the importance of other physical and network security techniques. Basic security tips to practice include not keeping your device unattended, having secure passwords for your Windows account, bank account, and other accounts, and not using the same password everywhere.

Related 5 basic online security tips that everyone should know The internet is a scary place, so make you use follow these security tips to protect yourself.

1 You probably have better methods to protect sensitive files

Password managers and hardware keys to the rescue

Close

If you are worried about protecting a handful of files and folders containing your financial or sensitive information, then a much better solution is using a password manager. Instead of encryption methods, password managers provide a more feature-rich and easy-to-use UI to protect your confidential data. They are designed to store critical and confidential information, and can also offer multifactor authentication and other added features.

The risk of losing your information forever is also minimized, as these password managers allow you to reset your passwords or access codes, which is not an option in the case of encryption. Of course, the level of security in this case is also reduced, but for the vast majority of users, password managers should be more than enough. You also have the option of using hardware keys that are specialized devices built to handle deep file encryption, and they're extremely secure.

If you are dealing with patient health information, customer financial information, or other such sensitive data, then you are probably bound by law to use robust encryption methods. For everyone else, however, encryption might not be needed at all. If you don't have a strong reason to implement encryption, then you shouldn't go out of the way to encrypt your entire storage drive or even specific folders. Losing your decryption keys can cause lasting damage, plus encryption isn't foolproof anyway.

To encrypt or not to encrypt, that is the question

Encryption remains one of the most powerful tools in your arsenal against data theft. Despite a few downsides, encrypting your entire drive is an effective method to scramble your data so that any unwanted user can't access your data even if they possess your device or storage drive.

However, the average user might have alternate methods to achieve the same results they're looking for. To protect your financial or confidential information, you can use password managers or hardware keys — software and hardware specifically built to secure your most critical data. It all comes down to assessing the goal and choosing the best method to make it happen.