Security Posture Best Practices

Encrypting Your Computer Hard Drives

  • Updated

 

Encryption helps protect the data on a device, ensuring that data can only be accessed by people with authorization. As an employee, setting up the encryption of your hard drive can help keep your machine secure. 

 

Encrypting macOS

  • Turn on and set up FileVault.
  • Choose Apple menu > System Preferences, then click Security & Privacy.
  • Click the FileVault tab.
  • Click 🔒, then enter an administrator name and password.
  • Click Turn On FileVault.

 

Encrypting Windows

Windows 10 and 11 Pro:

  • Sign in to Windows with an administrator account.
  • In the search box on the taskbar, enter Manage BitLocker and select from results. OR select the Start button.
  • Under Windows System, select Control Panel.
  • In the Control Panel, select System and Security.
  • Then under BitLocker Drive Encryption, select Manage BitLocker. You’ll only see this option if BitLocker is available for your device.
    • If the Device encryption page isn't available, then it's possible that your device doesn't support the encryption feature. See below for additional steps.
  • Select Turn on BitLocker and follow the instructions provided.

 

Check if your device supports encryption

  • Open Start.
  • Search for System Information, right-click the top result, and select the Run as administrator option.
  • Click the System Summary branch from the left pane.
  • Check the "Device Encryption Support" item, and if it reads Meets prerequisites, then your computer includes support file encryption.

If your device does not meet the requirements see below for additional steps, or contact your admin. 

 

Enable Device Encryption

  • Open Settings.

  • Click on Update & Security.

  • Click on Device encryption.
    • If the Device encryption page isn't available, then it's possible that your device doesn't support the encryption feature. See below for additional steps. 
  • Under the Device encryption section, click the Turn on button.

Activating encryption hardware (TPM)

Some computer manufacturers do not automatically enable disk encryption hardware. Follow these steps to activate the chip. 

  • Open Settings.
  • Click on Update & Security.
  • Click on Recovery.
  • Under the Advanced startup section, click the Restart now button.

  • Click Troubleshoot
  • Click Advanced options
  • Click on UEFI Firmware Settings.
  • Click the Restart button.
  • Locate the security settings.

    • You may need to consult your manufacturer support website for more specific details to find the TPM settings.

  • Enable the TPM feature.

 

Encrypting Linux

Was this article helpful?

Have more questions? Submit a request