The FBI’s inability to crack a terrorist’s iPhone 5c shows the strong protection you can get for your private information on a mobile device. That same encryption is also available on your computer, at least in some cases.
Given the increasing access to personal and corporate data sought by the U.S. government, as well as by other politicians, unscrupulous businesses, and criminal hackers, people should up their game on what they protect. Fortunately, it's not hard to do. (But be sure to back up your data before you encrypt your devices, in case a power failure occurs during the encryption process and makes your data unavailable.)
How to encrypt your iOS or Android mobile device
On your mobile devices, be sure to do the following:
Upgrade to iOS 9 or Android 5 or 6 on all your smartphones, tablets, and data-storing devices like iPod Touches to get their hardware-assisted encryption capabilities. Then enable encryption on those devices.
In iOS, all you have to do is turn on password protection, which you do in the Settings app's Touch ID & Passcode section; encryption is in play once a password is required. When you unlock your device (whether it is asleep, turned off, or restarted), entering the password decrypts the device.
Left: To enable encryption for your iOS device, open the Settings app, tap Touch ID & Passcode, tap Turn Passcode On, and follow the instructions. Also set the grace period before an idle device locks itself and requires a password by tapping Require Passcode. Note: If your device is enrolled in a management server, the idle duration may be set for you already. Right: To encrypt your device backups, open iTunes on your Mac or PC, select your device from the Devices menu (the iPhone icon at upper left), go to its Summary tab, enable This Computer in the Backups section, check Encrypt iPhone/iPad Backup, and follow the instructions. Open full-size image.
On Android, you enable encryption in the Settings app as well; the location varies from vendor to vendor and version to version, but you can typically find it within the Security area or Lock Screen and Security area. Look for an option called Encrypt Device or Encrypt Phone and tap it. If your Android device has an SD card installed, you should also see the Encrypt SD Card option to encrypt that external storage.
Although the use of encryption requires you enter a password on your device, it does so only when you restart or turn on the device -- not to unlock a sleeping device. You should also set an unlock password for your Android device. You do that in the Settings app: Tap Security or the equivalent option, then tap Screen Lock or the equivalent option. Then choose PIN, Password, or Fingerprints (if your device supports fingerprint IDs) and set up your password. Be sure to set the lock time for how long the device can be idle before a password is required to unlock it; look for an option called Automatically Lock or something similar, again in the Security section of the Settings app.
Left: In the standard Android 6 Marshmallow's Settings app, tap Security in the main screen, the Encrypt phone in the Security screen, and follow the instructions. Right: On Samsung devices in Android 5 Lollipop's Settings app, tap Lock Screen and Security, then tap Other Security Settings, then tap Encrypt device, and follow the instructions.Open full-size image.
Don't back up to cloud services like iCloud or Google Drive; the government can get warrants to access those backups. Instead, in iOS back up to your PC or Mac via iTunes, with the Encrypt iPhone/iPad Backup option turned on for each device in iTunes' summary pane. Now your backups are safe from prying eyes, too. Unfortunately, Android users don’t have a similar option for secure, encrypted backup.
Use encrypted services like Apple’s iMessage and OpenWhisper’s TextSecure where possible. SMS service from your phone company is not secured from government agencies.
If you use a BYOD unit that mixes corporate and personal information, I suggest you stop accessing it for work -- especially if your company employs mobile device management (MDM) software, because it can help unlock your device and provide access to its contents. Some companies use MDM-managed containers for corporate data and apps, which might provide the separation you need to keep doing BYOD. Beware: If they can unlock your device, they then have access to your personal data as well. It's safer to carry separate personal and work devices.
How to encrypt your PC or Mac
On your computer, be sure to turn on encryption. Note that you'll need administrator privileges to do so.
On a Mac, do so using the Security & Privacy system preference to enable Apple's FileVault encryption. If you have multiple user accounts on the Mac, be sure to enable encryption on each one that you want to protect. I suggest you choose a different FileVault password than what you use for your iTunes or iCloud account; if an agency gets Apple to reveal that password, it won't decrypt your Mac.
Left: To encrypt your Mac, open the Security & Privacy system preference, go to the FileVault tab, click Turn On FileVault,and follow the instructions. Center: To encrypt your backup drive when first selecting that drive, open the Time Machine system preference, click Select Disk, then in the sheet that opens select the desired backup drive, check Encrypt Backups, and click Use Disk. Right: To encrypt any external drive at any time, right-click it in the Finder and choose Encrypt from the contextual menu that appears. Open full-size image.
Also be sure to encrypt your Time Machine backups and any external drives. When setting your backup drive, you can encrypt it in the Time Machine system preference by clicking Select Disk, selecting the backup drive, enabling the Encrypt Backup option, and clicking Use Disk. In OS X El Capitan, you can encrypt any external drives, including your Time Machine backup drive, by right-clicking or Control-clicking it in the Finder and choosing Encrypt from the contextual menu that appears. In older OS X versions, you can use Disk Utility to encrypt a drive; select the drive in its Sidebar, then choose File > Encrypt or File > Lock, depending on your OS X version.
On a PC, enabling Microsoft's BitLocker encryption is a little trickier. Your PC will likely need to have a Trusted Protection Module (TPM) on its motherboard, but it's often missing on cheaper PCs and even expensive older PCs. And you must be running a Pro, Ultimate, or Enterprise edition of Windows Vista or later. If your PC is BitLocker-compatible, you'll find the BitLocker Drive Encryption settings (called Manage BitLocker in Windows 10) in the Security control panel. In some cases, you can also encrypt external drives.
Click the Turn On BitLocker button in the BitLocker Drive Encryption control panel in Windows (Windows 10 shown at left, Windows 7 at right) to encrypt your boot drive. The most expensive editions of Windows also let you encrypt external drives in the same control panel. Open full-size image.
Enterprise editions of Windows can encrypt attached USB drives and thumb drives, using the BitLocker to Go tool. But consumer editions can't, so your backups won't be encrypted.
If your PC doesn't support BitLocker, use a third-party encryption tool like VeraCrypt.
Encrypting your communications and cloud-stored data
Encryption works very nicely on your mobile devices and computers, for the data they directly store. But we increasingly store data on cloud services such as iCloud Drive, OneDrive, Dropbox, Box, and so on -- and they are susceptible to access by government agencies. Don't use those services for anything you want to keep truly secret. If you must go with them, consider adopting a tool like VeraCrypt to encrypt their contents.
For your communications, use encrypted communication tools, such as those recommended by InfoWorld's Fahmida Rashid. They'll protect your messages and Web data -- most of the time. Government agencies have hinted that they can access some of these services' encrypted data, but won't say which ones, so there's no 100 percent guarantee of privacy.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.