💻/🖥️ Setup an Encrypted Vault
Encrypting your files means that nobody will be able to have access to them if they don't have the password... even you! So it's essential that you store your encryption password in a safe place, ideally in Bitwarden.
There is typically no recovery possible, so if you lose you password, the files in your vault will be lost forever, so it's also advisable to make backups, either of your encrypted vaults or of your files - of course storing them in a way that's at least as secure as your encrypted vault.
With Full Disk Encryption, you can protect your data from just being copied over by anyone who has physical access to your computer. But if they get access to you computer while it is powered on - e.g. if you are forced to provide your login passwords - then the data on your system will still be compromised. That's why we want to usage an addition layer of protection - a encrypted vault that acts like a safe for you to keep your files in. With your files kept in a locked vault, even if your device is powered on, they still would not be able to gain access to it. And because there are ways in which you can hide your safe, perhaps they will never even discover it!
What you should know
Like with all technologies, there are many options to choose from when it comes to technologies for encrypting your files. We are recommended tools which are:
- free of charge - so anybody can afford it
- open source - so it can be externally verified
- uses strong encryption - so you can be safe when using it
- available across platforms - so that it isn't limited to windows / mac / android
What you should prepare
We are recommending two different technologies, as they both support a different use case. So which one you should choose depends on how your organisation stores and works with files. The choice largely comes down to whether you need plausible deniability or not.
Unsure what it means? Read our short explainer on 🔒 Plausible Deniability.
Now, consider whether having plausible deniability is essential for the files you are hiding on your computer.
Cryptomator vs VeraCrypt
Regardless of the choice between Cryptomator of VeraCrypt, with either option you:
- CAN NOT edit files IN THE CLOUD (e.g. with google docs, or Word Online)
- CAN still edit files LOCALLY, (e.g. with Word)
So if you NEED plausible deniability, your choice is VeraCrypt. But know that with VeraCrypt it is not advised to sync your files in the cloud. So that makes it harder to collaborate on files. VeraCrypt is also useful to Create Encrypted Drives, i.e. encrypt entire drives, not just some of your files.
So if you DO NOT NEED plausible deniability, your choice is Cryptomator. Cryptomator is more user friendly, and it is made for syncing your files to the cloud. This way you can keep your files encrypted (both locally and in the cloud), but also share them securely with others, who can unlock the vaults on their own computers to work with the files locally.
Neither options truly allows you to disable remote access, but if you have 🔒 Setup a Bitwarden Account and 🔒 Practice Good Password Habits, your Emergency Contact would be able to revoke your access to the password and so you would not be able to login as you will be using a password that's far too long and complex to remember!
What you should do
Once you've decided whether VeraCrypt or Cryptomator better fits the way your organisation works, proceed to either use VeraCrypt or Cryptomator.
In some scenarios you might want to use both, but start with the most important one, and you can consider whether to add the second solution later.
First, you will want to:
Then, depending on your use case, move on to any of the following guides:
- 💻-🖥️ Encrypt Files with VeraCrypt - for securing a selection of files, instead of a whole drive.
- 💻-🖥️ Encrypt Internal Drives with VeraCrypt - drives inside your computer.
- 💻-🖥️ Encrypt External Drives with VeraCrypt - drives outside your computer, so either USB flash drives or external hard drives.
First, you will want to: