How to encrypt files: a step-by-step guide for Windows, Mac, and Linux users
In 2021, 49% of respondents in Thales’s annual Cloud Security Study said that 40% of their cloud-bound data was sensitive. By 2023, this figure had risen to 75%. Yet businesses still don’t pay cloud security the attention it deserves. With only 45% of data being encrypted, most of them might just be a weak password away from a costly data breach. Or actively recovering from one, with nearly half of respondents having suffered a breach in their cloud environment before.
File encryption can be incredibly useful here. Standing as a protective shield in the digital armory of businesses, it safeguards sensitive information from unwanted access by rendering corporate data assets useless to cybercriminals. It does so by translating files into a complex code using algorithms, readable only with a specific decryption key. It’s a process akin to locking away valuable assets in a vault, with the key held only by those entrusted.
In this article, we’re taking a closer look at all things file encryption, including what file encryption is, why it’s critical in the age of digital collaboration, as well as how to encrypt and decrypt a file or folder securely.
What is file encryption? Definition and key benefits
As per the National Institute of Standards and Technology, file encryption refers to the cryptographic transformation of data, known as plaintext, into ciphertext, which conceals its original meaning to prevent unauthorized access or use. If the transformation is reversible, the encrypted data can be restored to its original state through the corresponding reversal process called decryption.
In the digital era, where data is the most valuable asset that a company can possess, encryption serves as the first line of defense for businesses aiming to protect information from prying eyes. It’s crucial not only for protecting confidential business information but also for ensuring customer data privacy, maintaining trust and reputation, and complying with regulatory requirements.
In particular, file encryption can help organizations:
1. Mitigate the impact of data breaches
In the event of a data breach, encrypted files remain illegible to cybercriminals. This means that sensitive information such as financial records, personal employee data, and customer information stays protected even if cybercriminals manage to infiltrate a network and access corporate data assets. As a result, the damage and potential fallout from the incident are minimized.
2. Strengthen compliance posture
Many businesses are subject to strict regulatory requirements regarding data management, such as the Health Insurance Portability and Accountability Act (HIPAA) in the healthcare sector and the General Data Protection Regulation (GDPR) in the EU. File and folder encryption helps comply with these regulations, averting potentially hefty fines and legal issues.
3. Maintain customer trust
Customers expect their data to be stored and handled securely. By using file encryption, businesses can demonstrate their commitment to protecting customer information, which, in turn, helps to maintain and build trust. A breach of customer data can be devastating to a company’s reputation, sometimes causing long-term or irreversible damage.
4. Ensure business continuity
A cyberattack can cripple a business, leading to downtime, loss of data, and significant financial losses. In fact, if cybercrime were measured as a country, it would rank as the world’s third-largest economy after the U.S. and China. By encrypting files, businesses add a robust layer of security that can help ensure continued operations even in the face of a cyber threat.
5. Safeguard intellectual property
For many organizations, product designs, trade secrets, and strategic plans are the backbone of their competitive advantage. In fact, intangible assets often make up over half of a company’s value, and up to 85% for businesses in the tech sector. File encryption ensures that these assets remain secure, preserving business integrity and market position.
6. Enable secure remote work
With the rise of remote work, employees often access company files from various networks, which may or may not be secure. File encryption ensures that sensitive company data remains protected, regardless of where it is accessed from, bolstering the security posture of the modern, flexible, yet effective workplace.
How to encrypt files and folders on Windows, Mac, and Linux
File encryption on Windows
1. On Windows, users can use BitLocker to encrypt their entire drive. To enable BitLocker, go to Control Panel > System and Security > BitLocker Drive Encryption. Select the drive you wish to encrypt and follow the wizard to turn on BitLocker.
2. For individual files and folders, right-click the item, select Properties, select Advanced, and check Encrypt contents to secure data. Decide whether encryption should be applied to related folders and files, then press OK to apply the changes.
If Encrypt contents to secure data appears gray and you’re unable to check the box next to it, encryption may not be turned on or available on your device. Keep in mind that BitLocker is available on supported devices running Windows 10 or 11 Pro, Enterprise, or Education.
File encryption on MacOS
1. On Mac, FileVault is the built-in full-disk encryption feature. To enable it, open the Apple menu, then System Settings and select Privacy & Security. Then click FileVault on the right, press the Turn on button, and follow the instructions.
2. To encrypt individual files or folders on Mac, right-click on the item in Finder, and choose Encrypt [item name] from the dropdown menu. You’ll be prompted to create a password, which you’ll need to access the encrypted files.
Note that if you have a Mac with Apple silicon or an Apple T2 Security Chip, your data is encrypted automatically. You can use FileVault as an added layer of security to make sure no one can decrypt or access your data without your login password. In case your device doesn’t have Apple silicon or the T2 chip, you need to enable FileVault to encrypt your data.
File encryption on Linux
1. Using Linux, you can encrypt your home folder during the installation process by choosing Encrypt my home folder when prompted.
2. For on-the-fly encryption, you can use a tool called GnuPG. You can install it via terminal (sudo apt-get install gnupg) and run the command gpg -c filename to encrypt a file. You’ll be asked to enter a passphrase.
3. Another option is to create an encrypted disk image using the cryptsetup command. First, install cryptsetup through the package manager, then follow the instructions to create a Luks file system, which you will mount to use.
Which files need to be encrypted?
In terms of document type, the following files should be considered for encryption:
- Emails and email archives
- Configuration and setting files for apps and software
- Log files containing user or system activity
- Backup files containing sensitive or personal data
- Personal identification files (e.g., scanned IDs, passports)
- Financial documents (e.g., bank statements, tax returns)
- Legal documents (e.g., contracts, wills, patents)
- Proprietary or confidential business documents
- Medical records and health-related information
- Encryption keys and digital certificates
- Project files (e.g., for video editing, 3D modeling, web development)
- Cloud storage files synced locally on your device
Format-wise, document types that can be encrypted include (but aren’t limited to):
- Text documents (e.g., Word, PDF, Markdown files)
- Spreadsheets (e.g., Excel, CSV files)
- Virtual machine disks (VMDK, VDI, HDD files)
- Presentations (e.g., PowerPoint, Keynote files)
- Databases (e.g., SQL dumps, Access files)
- Images (e.g., JPG, PNG, RAW files)
- Audio files (e.g., MP3, WAV, FLAC files)
- Video files (e.g., MP4, AVI, MOV files)
- Code and script files (e.g., Python .py, JavaScript .js, Bash .sh)
- Archives (e.g., ZIP, RAR, 7z files)
How to decrypt a file? 5 methods to decrypt encrypted files
As previously mentioned, decryption is the process of changing ciphertext, that is, encrypted data, into plaintext, meaning data in its original, usable form, with a cryptographic algorithm and key. There are several ways to decrypt files, depending on how the file was encrypted.
1. Using a decryption key
Files that have been encrypted with a specific key can only be decrypted using the same key. Having the correct key, possibly along with a passphrase, is crucial for unlocking the encrypted data.
2. Password-based decryption
Some encrypted files are secured with a password. Entering the correct password in the decryption software will revert the file to its original state.
3. Using certificates or digital IDs
In most business environments, files are encrypted using digital certificates. Meaning that only the recipient with the corresponding certificate can decrypt the file.
4. Decryption software
Several third-party tools are available to decrypt files, with some specializing in specific file formats or encryption types. Make sure to use software compatible with the encryption method used.
5. Automatic decryption
Files encrypted for secure transfer (such as SSL or TLS communication protocols) are automatically decrypted by the recipient’s device once they are safely received.
A word to the wise: attempting to decrypt files without access to the necessary key or password involves complex cryptographic analysis and is generally not feasible for the average user. For this reason, keeping decryption keys secure and accessible by authorized users is just as vital as the encryption process itself.
Zero-knowledge encryption: Tresorit’s file encryption method, explained
Tresorit uses zero-knowledge protocol to keep user data safe. It is also the only document productivity and digital trust platform that guarantees that your data is protected by zero-access encryption across all platforms, including web browsers.
Zero-knowledge encryption ensures that keys, passwords, files, and sensitive materials are never transferred in an unencrypted or readable form. At no point is such information visible to unauthorized users – including Tresorit administrators.
Why encrypt documents using zero-knowledge protocol?
1. No trust in the cloud
Most cloud service providers sacrifice security for usability features like integrations or real-time co-editing, which require them to decrypt user documents on their servers. In contrast, zero-knowledge solutions like Tresorit make it virtually impossible for anyone to access your data apart from you.
2. Store mission critical files
With Tresorit, every file gets encrypted automatically before being uploaded to the cloud. Thanks to zero-knowledge encryption, only you have access to the encryption keys and along with them, your files. If any of your encrypted information were to leak, it would still remain unreadable to unauthorized users.
3. Remote work made secure
Tresorit encrypts every document on the sender’s device before they make their way to the cloud and only decrypts files once they arrive at the recipient’s device. Thanks to zero-knowledge encryption, only you and your recipients have the encryption keys, preventing anyone else from reading the files – even Tresorit.
4. Smooth and secure collaboration
The rise of remote work has significantly expanded organizations’ attack surface for cybercriminals. Tresorit allows users to create vaults called tresors to share documents with authorized users from inside or outside the organization. Files stored in tresors can only be decrypted by their owners and approved collaborators.
How zero-knowledge encryption works
Want to learn how to secure a file that’s sent via email? Check out our deep dive on email encryption, including why email security should be a top priority for businesses and what solutions are available to make sure that your confidential data remains exactly that – confidential.