How to encrypt files in Windows

If you have important personal or business content such as Intellectual Property on your Windows PC, you may wonder how to ensure that data is secure. If a laptop is lost or stolen, it is possible that thieves could access the contents of the hard drive. The solution is to encrypt your files and folders in Windows 10.

Encrypting files on your computer ensures that it will be much more difficult to steal your valuable information, even if your computer is hacked. In this guide, we will explain how to encrypt files in Windows using native features and third party apps.

What should I encrypt?

This is your choice, but most people use encryption to protect the following kinds of data assets:

How can I encrypt files and folders in Windows? 

There are two main ways to encrypt files on a Windows machine - Windows’ built-in Encrypting File System (EFS) or BitLocker. Alternatively, you could use a third party encryption application. 

If you are looking for a way to encrypt text files such as Word documents and PDFs, you can also encrypt those files inside Microsoft Office. And, if you want to encrypt Excel databases, you can do that too. Below we will walk you through some of the most popular methods for encrypting on your computer.

Encrypting in Windows using built in Encrypting File System

The easiest and fastest way to encrypt files securely on your hard drive is to use Windows native encryption tool. Windows’ Encrypting File System (EFS) uses secure symmetric encryption using a File Encryption Key (FEK). This kind of encryption is secure and fast, which means it can be used to encrypt any individual files you need to secure - no matter their size.

Windows 10 Home Edition users

EFS is only available in Windows 10 Pro, Enterprise, and Education. If you are a Home Edition user, you will need to encrypt files using a third party encryption app instead, which we cover later in this guide.

How to enable Windows Encrypting Files System (EFS)

If you have got a compatible version of Windows 10, you can encrypt files almost right away. Before you get to this, however, you will need to do two things:

  1. Ensure that your Windows user account has been set up with a password that is strong and hard to crack. Using EFS requires your user account to have a password, and unless that password is strong, it might be brute forced by someone with physical access to the computer. Your file encryption will only be as strong as your user password, so make sure it is robust.

  2. Get a USB thumb drive so you can save the backup key. This will allow you to access your encrypted files if you lose access to your user account.

Now that you have done the preliminary preparation steps, you are ready to enable EFS for specific files or folders. To do so, follow these simple steps:

  1. Right-click on your Start button and open File Explorer

    right click on start and openthe filer explorer

  2. Locate the file or folder that you wish to encrypt in your file manager.

    Find the file you want to encrypt

  3. Right-click the file or folder and click Properties.

    Click on properties

  4. In the General tab, click Advanced.

    Click on the advanced tab

  5. Tick the checkbox next to Encrypt contents to secure data.

    Encrypt contents checkbox

    Click OK.

  6. Click Apply.

    A window will pop up asking you whether you want to encrypt the selected folder, or the folder, sub-folders, and files.

  7. Choose either Apply changes to this folder only or Apply changes to this folder, sub-folders, and files.

    Confirm changes

  8. Click OK.

    A small padlock symbol should appear in the top-right of the file or folder you've encrypted.

Back up your Key

Now that you have encrypted your first file, Windows EFS will serve you an icon in the system tray in the bottom right-hand side of your screen. Click on it to back up your key.

Back up your file encryption key notification

  1. Plug your USB thumb drive into your Windows computer.

  2. Click the EFS icon in the system tray.

  3. Click Back up now (recommended).

    backup now (recommended)

  4. On the Certificate Export Wizard click Next.

  5. Leave the default settings on the Export File Format screen and click Next.

    Export file format screen

  6. On the security screen, tick the box next to Password and type in a password. You will need to enter it twice to confirm it is the right password.

    Enter your password

  7. Click Next.

  8. On the next screen click Browse and select your USB thumb drive.

  9. Now click the filename field and type in EFSKey. (Or call the file whatever you prefer).

  10. Click Save.

  11. Click Next.

  12. Click Finish.

  13. Click OK.

Remember

Once the backup key has been exported, keep the USB drive safe. If you ever find yourself locked out of your Windows user account, you can use the key to recover the encrypted files on your PC.

Encrypting files in Windows using BitLocker

BitLocker is a proprietary full volume encryption tool for Windows that lets users encrypt their entire hard drive securely. BitLocker is different to EFS because it does not allow users to encrypt single files and folders when their operating system is running. For this kind of encryption, users will require either EFS or a third party encryption tool.

Windows Home Edition Users

As with EFS, BitLocker is not available for Windows Home Edition. It is only available for Windows Pro and Enterprise users.

BitLocker is suitable for anybody who wants to ensure that their entire hard drive is encrypted every time they log out of Windows and close their computer down.

But, typically, people require Full Disk Encryption (FDE) because:

  1. Some users require FDE to comply with regulations that could lead to fines if consumer data stored on their system could be breached if a machine is stolen.

  2. To protect valuable and sensitive company data from being accessed if a laptop is stolen or lost.

  3. Using BitLocker minimizes the potential for useful data to be recovered from old or lost hard drives.

BitLocker uses Advanced Encryption Standard (AES) as its cipher with user configurable key lengths of 128 or 256 bits. This is a secure encryption standard, meaning that hard drives protected with BitLocker are safe against hackers for the foreseeable future.

How to encrypt a hard drive using BitLocker - Step by Step

If you have Windows 10 Pro or Enterprise edition, you can use BitLocker to encrypt your hard drive. Once set up, BitLocker lets you unlock your hard drive either by using a USB dongle or by entering a password. You can opt for either method, but if you prefer a physical key, you will need to get a USB thumb drive before setting BitLocker up.

Check for a Trusted Platform Module chip

Before setting up BitLocker, check that your PC has a Trusted Platform Module (TPM) chip. This is a special microchip that enables your device to support advanced security features. You can use BitLocker if your computer doesn't have TPM by using software-based encryption instead, but it requires a longer setup and it isn’t as secure. To check if you have one simply:

  1. Press the Windows key + x (at the same time) and click on Device Manager.

    Click on device manager

  2. Expand Security Devices and check to see if you have a TPM chip like in the image below. Your PC must have TPM chip version 1.2 or later to support BitLocker.

    Look for security devices

Set up BitLocker

Now that you have checked for a TPM chip, you can set up BitLocker:

  1. Navigate to your Control Panel.

    Open control panel

  2. Select System and Security.

  3. Find BitLocker Drive Encryption and click Manage BitLocker.

    Click manage BitLocker Drive

  4. Select Turn on BitLocker.

    Turn on BitLocker

  5. Choose either Enter a password or Insert a USB flash drive.

    Enter your password

  6. If you use a USB dongle, you will still need to enter a password. Enter it and click Next.

  7. You will be given options to save a recovery key. This key lets you regain access to your encrypted hard drive if you forget your password. Options include:

    • Save to your Microsoft account
    • Save to a USB flash drive
    • Save to a file
    • Print the recovery key
  8. Choose your preferred option and click Next.

  9. Select an encryption option. Click Next.

    You can opt to encrypt either the entire disk or the used portion.

    Select an encryption option

  10. Choose between New encryption mode (better for internal, fixed hard drives) or Compatible mode (best for removable devices), and click Next.

  11. Check the run BitLocker system check box and click Continue.

    Run BitLocker

  12. Now, restart your computer to complete the setup.

  13. When the computer launches, BitLocker will ask you to either enter your USB flash drive and enter a password, or enter the password you set up to unlock your hard drive.

Use an encryption app to encrypt files or folders in Windows

If you are a Windows 10 Home Edition user, you cannot use EFS or BitLocker. This is because they are only available on Windows 10 Pro, Enterprise or Education. 

The good news is that you can still encrypt files and folders using a third party tool, and you don’t have to pay a fortune to get the job done. In fact, using open source third party tools with strong encryption is an effective way of ensuring you secure your personal data.

If you need to encrypt files and folders on your machine, we recommend using one of the following apps:

The programs we have listed above all function slightly differently. However, they all have walkthroughs and guides on their websites to help you encrypt your data. Thus, you will need to do a little research into each program to use that specific encryption system to secure your data.

On the whole, however, once installed you should be able to locate the files and folders that you want to secure in Windows file manager, and then right click on those files to select the program you wish to encrypt the files with.

Is encryption fool proof?

Encrypted files and folders are much more secure because a password is needed to access their contents. However, they are not 100% secure for several reasons:

  1. If you store your cryptographic key or encryption password in an unencrypted file on your computer, a hacker could potentially steal it.

  2. If a hacker installs a keylogger on your device, they could steal your password when you enter it to decrypt a file.

  3. When you use EFS to encrypt a file, your computer may still store an unencrypted version of that file in its temporary memory. The solution is to delete your temporary files to ensure that the unencrypted version is not still lying around.

  4. Depending on where you live, legislation may exist that forces you to hand over your encryption key to the government. If you are served a warrant, it may compel you to hand over access to your encrypted documents in order to comply with an investigation.

Do I need a VPN to encrypt my internet data?

The software we have recommended in this article lets you encrypt the data on your local hard drive. However, you may also want to encrypt your internet traffic to gain digital privacy online. When you use the internet, all your traffic must pass through your ISP’s servers. This allows your ISP to keep records of all the websites you visit. It also allows your ISP to gather your metadata. 

Local network administrators can also analyze and track your internet traffic when you use public WiFi hotspots, and both ISPs and WiFi providers may collect data about you and share it with the government. A VPN encrypts your data before it leaves your devices, which stops your ISP or WiFi providers from being able to snoop on your traffic. For more information on encrypting your data with a VPN click here

Written by: Ray Walsh

Digital privacy expert with 5 years experience testing and reviewing VPNs. He's been quoted in The Express, The Times, The Washington Post, The Register, CNET & many more. Ray is currently rated #7 VPN and #7 internet privacy authority by Agilience.com.

0 Comments

There are no comments yet.

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.

We recommend you check out one of these alternatives:

The fastest VPN we test, unblocks everything, with amazing service all round

One of the largest VPNs, voted best VPN by Reddit

Large brand with very good value, and a budget price

Longtime top ranked VPN, with great price and speeds