Encryption changes readable files into unreadable cipher until the decryption key is supplied. Keeping sensitive files encrypted keeps your data secure even if a computer should fall into the hands of a stranger. Encrypting sensitive files also protects them from spybots should the system become infested with malware. Luckily it’s easier than ever to encrypt files with readily available software, many of which are also free.
Complex algorithms that have been developed by various authors are used to encrypt files. These encryption programs use a single password to encrypt and decrypt data, folders, and even entire disks. Other types of encryption, referred to as “public encryption,” use one key for encryption and another for decryption, where only the latter key need be private. This method is used to privatize email and instant messaging.
There are many open-source, free encryption programs available. Most of these programs add a shortcut to context menus, the menus that pop up when you right-click on a file. By placing a shortcut here, you can encrypt any file by simply right-clicking on the name and selecting the encryption program. You'll be prompted for a password and the file will be encrypted to this key. If this password is forgotten, the file will not be able to be decrypted later.
When you encrypt files, the last three letters of the file or the extension will change according to the software. For example, when using Pretty Good Privacy® (PGP) to encrypt a Microsoft Word® document, the file becomes filename.doc.pgp. If you try to open the encrypted file by double-clicking, you will be prompted for the password that was used to encrypt it. If you encrypt more than the occasional file, you might consider keeping all sensitive files in a single folder and encrypting the folder instead.
Encryption options typically include the choice to automatically wipe the original file after the encryption process has completed. A “wipe” is a secure way to delete a file by rewriting over it many times so that the data cannot be retrieved, even using recovery tools. Some programs will allow you to dictate how many passes the software should make to wipe the data. A minimum of eight passes is considered secure for most purposes, while government or military might use up to 20 passes or more.
Some software offers the option of adding an attribute to keep encrypted files from displaying in Windows Explorer®. It’s important to note, however, that it’s a trivial matter to turn this feature off, causing all files to display, so this option should not be relied upon. As an alternative, steganography encryption programs will encrypt and then hide files inside graphic files that will still display properly.
It is also possible to encrypt an entire drive or volume. For example, you might keep all financial programs, banking, spreadsheets and personal documents, such as wills or other critical data, on a dedicated drive. By keeping that drive encrypted when it’s not in use, you are protecting it against malicious software as well as prying eyes should someone gain access to your system. It is also possible to encrypt a drive that contains an operating system, though for most purposes this is not necessary.
If you'd like to send an encrypted file to a friend as an email attachment, you can use an encryption program to create a self-decrypting file that will not require the receiver have encryption software installed. A password will have to be supplied, however, either by phone or some other means. Self-decrypting files are not considered truly secure because the password must be conveyed to the recipient and most passwords can be easily broken using software designed for this purpose. Nevertheless, it's a good way to keep information private as it traverses the Internet, as long as the information isn't too sensitive.
Open-source, free programs used to encrypt files, folders and drives are readily available. If you would like to encrypt email, look for a public encryption program. Remember that your correspondents will also need a compatible encryption program installed.