Why You Should Encrypt Your Files

Encryption converts your files into unreadable ciphertext that can only be decoded with the correct key. If your laptop is stolen, your cloud account is compromised, or someone gains unauthorized access to your system, encrypted files are useless to them without the decryption key. File encryption is one of the most practical security measures any individual or organization can implement.

Option 1: Full-Disk Encryption (Recommended First Step)

Before encrypting individual files, consider enabling full-disk encryption — this protects everything on your drive automatically.

Windows: BitLocker

  1. Open the Start Menu and search for "Manage BitLocker"
  2. Click Turn on BitLocker for your system drive (C:)
  3. Choose how to unlock: password, USB key, or PIN
  4. Save your recovery key somewhere safe (print it, save to your Microsoft account, or write it down offline)
  5. Choose encryption mode — "New encryption mode" for fixed drives; "Compatible mode" for portable drives
  6. Click Start encrypting and wait for the process to complete

Note: BitLocker is available on Windows Pro, Enterprise, and Education. Windows Home users can use "Device Encryption" in Settings → Update & Security → Device Encryption (if your hardware supports it).

macOS: FileVault

  1. Open System Settings (or System Preferences on older macOS)
  2. Go to Privacy & Security → FileVault
  3. Click Turn On FileVault
  4. Choose recovery key method: iCloud account or a local recovery key (write the local key down and store it safely)
  5. Restart your Mac — encryption happens in the background while you use your computer

Linux: LUKS

Linux uses LUKS (Linux Unified Key Setup) for full-disk encryption. The easiest approach is to enable it during OS installation — most major distributions (Ubuntu, Fedora, etc.) offer this option in the installer's partitioning step. Look for "Encrypt the new Ubuntu installation" or similar wording and check that box before proceeding.

Option 2: Encrypting Individual Files and Folders

For encrypting specific files — especially for sharing or cloud storage — VeraCrypt and GPG are the most reliable cross-platform tools.

Using VeraCrypt (All Platforms)

VeraCrypt creates encrypted containers — files that act like virtual encrypted drives.

  1. Download VeraCrypt from veracrypt.fr and install it
  2. Open VeraCrypt and click Create Volume
  3. Select "Create an encrypted file container" → click Next
  4. Choose "Standard VeraCrypt volume"
  5. Select a location and filename for your container
  6. Choose encryption algorithm (AES is fine for most users)
  7. Set the container size
  8. Set a strong password
  9. Move your mouse randomly to generate entropy, then click Format
  10. Mount the container via VeraCrypt — it appears as a drive. Copy files into it, then dismount when done.

Using GPG for File Encryption

GPG (GNU Privacy Guard) is ideal for encrypting files to send to specific people, or for symmetric encryption with a passphrase.

To symmetrically encrypt a file (passphrase only):

gpg --symmetric --cipher-algo AES256 myfile.pdf

This creates myfile.pdf.gpg. To decrypt:

gpg --output myfile.pdf --decrypt myfile.pdf.gpg
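
An added example, not part of the original guide: a Bash helper that wraps the two gpg commands above for scripted use, reading the passphrase from a file and confirming that the new .gpg file decrypts to the same bytes before you rely on it. The function names and the passphrase-file approach are assumptions of this example; it needs GnuPG 2.1 or later.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): passphrase-encrypt a file with
# GPG and confirm the ciphertext decrypts to identical bytes.
# Usage (after sourcing this file): encrypt_verified myfile.pdf /path/to/passfile
set -o pipefail

# Common non-interactive flags. The passphrase is read from a file ($1) so it
# never appears in the process list or in shell history.
gpg_batch() {
    local passfile=$1; shift
    gpg --batch --yes --quiet --pinentry-mode loopback \
        --passphrase-file "$passfile" "$@"
}

# encrypt_verified FILE PASSFILE
# Creates FILE.gpg. Returns 0 only if FILE.gpg decrypts back to FILE exactly.
# The check streams the decrypted data into cmp, so no second plaintext copy
# is written to disk. On failure the unusable FILE.gpg is removed.
encrypt_verified() {
    local src=$1 passfile=$2 out="$1.gpg"
    if gpg_batch "$passfile" --symmetric --cipher-algo AES256 \
           --output "$out" "$src" &&
       gpg_batch "$passfile" --decrypt "$out" 2>/dev/null | cmp -s "$src" -
    then
        return 0
    fi
    rm -f "$out"
    return 1
}

# decrypt_file FILE.gpg PASSFILE OUTFILE
# Returns non-zero and leaves no OUTFILE behind if the passphrase is wrong
# or gpg reports any other decryption failure.
decrypt_file() {
    local enc=$1 passfile=$2 out=$3
    if gpg_batch "$passfile" --output "$out" --decrypt "$enc" 2>/dev/null; then
        return 0
    fi
    rm -f "$out"
    return 1
}
```

Keep the passphrase file readable only by you (chmod 600) and remove it once the job is done.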

Encrypting Cloud Storage

Cloud providers can technically access unencrypted files. If you store sensitive data in Dropbox, Google Drive, or OneDrive, consider encrypting it first:

  • Cryptomator — free, open-source, creates encrypted vaults inside your cloud folder. Works transparently across all cloud providers and platforms.
  • Place your VeraCrypt containers in cloud storage (they sync as encrypted blobs)

Important Reminders

  • Back up your recovery keys. Losing them means losing access to your data permanently.
  • Encryption protects data at rest — not data in use. Keep your system locked when unattended.
  • Strong passwords are essential. Encryption is only as strong as the password protecting it.