Did you know that anyone can access your files, folders, and personal information if they are not properly encrypted? That’s right! Without encryption, your sensitive data is vulnerable to theft, hacking, and cyberattacks.
The Anti-Phishing Working Group (APWG) observed a record-breaking number of phishing attacks in the third quarter of 2022, with a total of 1,270,883 attacks. Similarly, the average cost of data breaches has gone up by 13% from 2020 to 2022.
File encryption can add an extra security layer – and an ironclad one – to your system against such threats. Even if a cybercriminal gets hold of your private files, it would all be a jumbled mess to them without the encryption key.
In this article, I’ll explore the benefits of file encryption, discuss the best file encryption algorithms in 2023, and provide guidelines for encrypting your files for free using the built-in encryption methods in Windows and macOS.
Why Is File Encryption Important?
When it comes to protecting your sensitive information, file encryption is one of the most important tools up your sleeves. It can be essential for your data security in a number of ways.
- Protect Sensitive Information
Have you ever considered the potential risks of sharing your computer with others or losing your device? It isn’t difficult for hackers to extract files from your hard drive if they have physical access to it.
Most of us keep files containing personal information (like names, addresses, and social security numbers), financial data (like credit card numbers, and bank account information), health records, and confidential business information on our PC.
If any of this sensitive information is compromised, attackers may use it to steal your identity, make fraudulent purchases, or open new accounts in your name.
Adding encryption ensures that your information will stay safe even if an attacker gets hold of your device as long as they don’t have the encryption key.
- Minimize Business Risks
For businesses, data breaches are a nightmare. Once a company ends up losing sensitive user information, a plethora of dreadful consequences pop up – financial losses, damage to reputation, operational disruptions, legal actions, and, most importantly, reduced customer confidence.
The attackers behind these breaches utilize vulnerabilities in the company’s cybersecurity to break into their system. More often than not, file encryption can be a robust layer to cover these weaknesses. Since, even if the attackers get hold of your information, they’ll need the encryption key to access your information.
- Transmit Data Safely
While transmitting your data over the internet, the network between your device and the website you’re accessing isn’t necessarily safe. Your Internet Service Provider (ISP), eavesdroppers, and unauthorized third parties can access your private files and use them to their benefit.
Although TLS protocols like HTTPS and SMTP do provide a secure connection to the website you’re using, several websites lack TLS connections. The best way to protect yourself against these websites is to use a VPN which by default encrypts your files before transmitting them.
- Compliance for Industries that Handle Sensitive Data
Many regulatory frameworks across the world, like the European Union’s General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA), require data encryption for industries handling sensitive user data.
In such scenarios, data encryption becomes a compliance problem straying from which can lead to serious legal consequences for businesses.
- Secure Your Storage Devices
Do you use a USB flash drive to store your private and work data? It isn’t difficult to imagine such a drive getting lost.
But what could happen if it does? It can fall into the hands of someone with malicious intentions. In such a scenario, you are faced with grim possibilities of identity theft, financial loss, and whatnot.
If you encrypt the files before putting them on the drive or encrypt the drive itself, it would be nearly impossible for anybody to get hold of your files without the key.
How Does File Encryption Work?
Put simply, encryption is encoding a piece of information using a key in such a way that the information wouldn’t be comprehensible without it. A very straightforward example of encryption would be to interchange “a” for “#”, b for “C” and so on. The key, then, would be the string of text specifying which character was replaced by which character
Making the encryption process more sophisticated, you can interchange a single letter with multiple letters and repeat the process several times – in fact, you can add more refined mathematical techniques to it. This kind of technique where only a single key is utilized to encrypt and decrypt information is termed symmetric encryption.
For most of history, that was the only kind of encryption. But in the 1970s Martin Hellman, Whitfield Diffie, and, independent of them, Ralph Merkle came up with a new concept popularly called asymmetric encryption.
In this kind of encryption, you generate two mathematically related keys – one is the public key and the other is the private key. You can distribute the public key to anyone but sharing the private key is a no-no.
Here’s the trick: anybody who wants to send you a message encrypts it using your public key. Once encrypted, the message cannot be decrypted without the private key. The benefit of asymmetric encryption is that you don’t have to share the private key with anybody. Thus, the chance of the private key getting into bad hands decreases.
That said, it’s not a win-win solution. While asymmetric encryption promises more secure encryption, it is much slower and takes more computational power – and that makes it impractical for encrypting large amounts of data.
Safest Encryption Algorithms in 2023
Encryption is implemented by means of an algorithm. Here, I’ll touch on some of the most popular encryption algorithms used by industries and institutions around the world in 2023.
- Triple DES
Triple DES (3DES) is an improved version of the Data Encryption Standard (DES) algorithm. 3DES uses a three-fold encryption scheme. It generates three 56-bit keys. Using one of the keys at a time, it encrypts, decrypts, and again encrypts the information.
In 2016, a group of researchers cracked the algorithm using a birthday attack called the sweet32. As a result, the National Institute of Standards and Technology (NIST) deprecated its use. After 2023, it can no longer be used for communication security purposes.
Blowfish is another encryption algorithm, introduced by Bruce Schneier in 1993. Being a symmetric block algorithm, it has a key size ranging from 32 to 448 bits. It divides the text into blocks of 64 bits and then applies encryption algorithms to each block.
Although Blowfish stands unbreached to date, its use has largely been abandoned – especially in the new systems – because of the arrival of better and faster algorithms.
Twofish, as its name hints, is a successor of blowfish. It has a block length of 128 bits and the key length now varies between 128, 192, and 256 bits. Arguably it’s one of the most secure symmetric algorithms in the encryption world.
But this security doesn’t come without a price. Because of its elaborate encryption process, it’s much slower compared to Blowfish and AES. And that’s why it fell short of winning the day in Advanced Encryption Standard (AES) competition by NIST in 2000.
- Rivest-Shamir-Adleman (RSA)
RSA is one of the oldest algorithms based on the mathematical problem of prime factorization. Exploiting asymmetric encryption, RSA generates key sizes multiple of 256 bits. It works best in security applications where key management is an issue.
Although for most of history, RSA was thought to be unbreachable by brute force methods, that notion has died away with the advent of quantum computers. In 2022, Chinese researchers cracked a 48-bit-key RSA with a 10-qubit quantum computer-based hybrid system and they claim that their process can be replicated for a 2048-qubit system with a 372-qubit quantum computer.
- Advanced Encryption Standard (AES)
Originally known as Rijndael, Advanced Encryption Standard (AES) is a symmetric algorithm used in 128, 192, and 256-bit key variations. It was the winner of NIST’s Advanced Encryption Standard competition in 2000.
AES has a sophisticated process involving four main operations: substituting bites, shifting rows, mixing columns, and adding round keys. Save the jargon, the gist is that the AES algorithm isn’t breakable by a brute force attack for the foreseeable future.
Can You Encrypt Files for Free?
Both Windows and macOS offer free built-in methods to encrypt files and folders. For details, give the following section a read. Also, you can easily get your hands on free file encryption software like VeraCrypt, 7-Zip, and WinRAR.
Best & Easiest Types of File Encryption
Without further ado, here, I’m going to outline the best and easiest encryption methods you can follow to protect your files and folders.
How to Encrypt Files on Windows 10
Besides Windows Home, all Windows 10 versions have a built-in file encryption option. Using it you can encrypt any file or folder. Windows also has software in place to encrypt your device’s hard drive and other external storage devices.
To encrypt a file or a folder, here’s what you need to do:
- Go to the file or folder you want to encrypt.
- Right-click on them. Go down the list to the Properties.
- In the General tab of the next window, you’ll see the Advanced button. Click it.
- Check Encrypt contents to secure data and save.
- Next, Windows will present you with two options:
- Encrypt the file and its parent folder (recommended)
- Encrypt the file only.
Here, you might wonder what’s the use of the first option. Well, your PC makes a temporary copy of the file in the parent folder. Once you encrypt your files, these temporary copies remain there for a while. So, by only encrypting the file, you can still have a potential security loophole.
- After that, Windows asks you to back up your key, which I advise you to do so as soon as possible. Without it, you can lose access to your file permanently. Click on the Back up now option.
- In the next tab, select Export File Format, just leave everything to default, and press Next. Then, Windows generates a .PFX file
- For the sake of security, Windows asks you to password-protect this file. Again do so!
- Lastly, just choose a name and location for the file to put it in. I recommend you save the encryption key on a flash drive.
Voila! You’ll see a lock on the file icon indicating that your file has been encrypted. If you try to open it, it opens up like it normally does – that’s because the .PFX is saved on your PC.
But if you delete it from your PC – and you can do so by heading to Search > Manage Users Certificates > Personal Certificates – the file would prompt you for the key when you hit its icon.
So much for the encryption process. Now, how can you decrypt a file you’ve previously encrypted? Follow these steps.
- Connect the flash drive or any other storage device to which you’ve exported your key.
- Click on the .PFX file. You’ll be directed to the Certificate Import Wizard.
- Windows will prompt you for the file’s password if you’ve put any in place. Enter it.
Instead of encrypting individual files and folders, encrypting the whole device is a far better idea. And guess what? Windows does come with an in-built device encryption option.
If you’re signed into Windows with an administrator account, here’s what you need to do:
- Go to Settings > Update & security.
- Here, look up Device encryption. (If it isn’t there, don’t despair! You can still use the standard Bitlocker encryption.)
- In this tab, toggle the button to Turn on if it isn’t already.
Unless we’re talking about Windows 10 Home, you’ve got another device encryption option up your sleeve – and that is the standard BitLocker encryption. If you’re signed into Windows with an administrator account, here’s what you need to do:
- In the Windows search box, type Manage BitLocker. Choose the option from the search results
- In the tab that opens up, select Turn on BitLocker.
Then, just follow a few simple steps and you’ll be all set.
How to Encrypt Files on Windows 11
The encryption schema in Windows 11 is exactly the same as in Windows 10. Likewise, you can decrypt the file using the same steps.
The only difference is that for device encryption, you’ve to go to Privacy & security instead of Update & security – the rest is the same as Windows 10.
How to Encrypt Files on macOS
Not unlike Windows, Apple also provides you with the option to encrypt individual files and folders as well as the entire device on macOS.
To encrypt individual files or folders, here’s what you need to do:
- Go to Finder on your system.
- After that, follow Go > Utilities on the top bar.
- Select Disk Utility from the list that pops up.
- With the disk utility in place, go to File on the top bar and follow New Image > Image from Folder.
- Now, browse to the folder or file that you want to encrypt.
- You’ll see a tiny option reading Encryption. Here you have two options:
- 128-bit AES encryption
- 256-bit AES encryption
Although 256-bit AES encryption is much more secure than 128-bit one, it’s also slower. Also, a 128-bit AES encryption will suffice for all practical purposes. Select what you like.
- Then, macOS will ask you to create a password.
- Hit save and you’re done. The system might take its time to encrypt the files.
Keep in mind that macOS creates a new and encrypted copy of your file or folder. The original will remain intact. Go ahead and delete it and then empty the trash. Else, keeping the original file as it is defeats the purpose of encryption.
You can open these files by entering the password. Make sure you remember the password, otherwise you could lose the data permanently.
What is FileVault Disk Encryption? FileVault disk encryption is the counterpart of the standard BitLocker device encryption – it encrypts the whole of your disk. Here’s how you can enable it:
- On the top bar, follow the Apple icon > System Preferences.
- In the pop-up tab, hit Security & Privacy.
- Here, navigate to FileVault.
- At the bottom of the tab, you’ll see a lock followed by the script “Click the lock to make changes.”
After following some simple steps your disk will be encrypted and macOS will generate a recovery key. Remember that decrypting the disk requires either your password or the recovery key. If you lose both, your data will be lost permanently.
Useful Third-Party Tools
Although there are plenty of paid and free file encryption and disk encryption tools available, personally I’ve found the built-in Windows and macOS tools to be more than sufficient. BitLocker on Windows and FileVault on macOS provide ample security and flexibility for the different encryption tasks that you might need to perform.
Still, tools like VeraCrypt and WinRAR can be useful for specific functions. Veracrypt, for example, comes in really handy for encrypting specific partitions of the disk. WinRar, on the other hand, can be useful for encrypting and compressing files and folders.
If you’re considering any other tool, it’s important to do your research and select a reputable provider with a proven track record of security. I’ll advise you to look for software that offers strong key management features, as well as regular updates and support.
Does CyberGhost VPN Encrypt Files?
No. CyberGhost does not encrypt files that are stored on your device, like WinRAR or BitLocker does. CyberGhost VPN employs AES-256 – a military-grade encryption algorithm – to ensure that all your traffic is encrypted when you use it.
Having a strong encryption method in place, CyberGhost VPN provides an ironclad security solution for your online activities. Thus, if you’re looking to encrypt your traffic over the internet to protect your privacy online, it is the perfect solution for you.
To cut a long story short, encryption is the first security measure you need to take to protect your sensitive data. And for that reason, it is essential for the cybersecurity of individuals and businesses alike.
Although encryption algorithms are abundant in number, the industry standard is Advanced Encryption Standard (AES) recommended by NIST and other regulators worldwide.
For encrypting files in your storage, both Windows and macOS offer in-built file encryption software. Also, both operating systems allow you to encrypt an entire disk.
While transmitting data over the internet, the best way to encrypt your traffic is to use a VPN. CyberGhost VPN is rather commendable in this regard – it uses AES-256 algorithm cracking which is next to impossible.
Examples of file encryption include AES, RSA, Blowfish, and Twofish. These methods encrypt files in such a way that without possessing a key generated by the specific algorithm, decrypting it would be computationally impossible.
The best encryption for files depends on the specific use case and requirements. AES-256 is considered one of the most secure and commonly used encryption algorithms. Although for most practical purposes, AES-128 will do just as well.
You can encrypt files for free using the built-in encryption methods in Windows and macOS.
On Windows, right-click the file or folder you want to encrypt. Then, go to Properties > General > Advanced > Encrypt contents to secure data. Follow the instructions afterwards. Once the file is encrypted, put the encryption key in a safe location.
On macOS, go to Finder > Go > Utilities > Disk Utility. Then, follow File > New Image > Image from Folder. Select the folder or file you want to encrypt, choose 128-bit or 256-bit AES encryption, create a password, and save. Remember to delete the original unencrypted file
Also, you can use free file encryption software like VeraCrypt, 7-Zip, and WinRAR.
Hackers can break into an encrypted file by stealing the encryption key, but also by intercepting the data before the sender encrypts it or after the receiver decrypts it. Apart from that, breaking good encryption by mere brute force is, in practical terms, impossible.
In other words, strong encryption algorithms and good cybersecurity security practices make it extremely difficult for hackers to break into an encrypted file.
CyberGhost VPN uses AES-256 encryption to protect your data over the internet. This encryption algorithm is considered to be one of the most secure and is commonly used by government and military organizations.
AES-256 uses a 256-bit key to transform plaintext data into ciphertext. Using the key, it performs a series of complex mathematical operations on each block of data, such as substitution, permutation, and XOR, to create an encrypted version of the input data.
The strength of AES-256 lies in the complexity of the mathematical operations and key length it uses, which make it highly resistant to attacks.