As we all ascend into a more digital and online environment the need to protect your data has become ever more relevant. Most people today are familiar with the idea of storing personal or business information on their computer or copying data onto a USB stick to carry about. What some do not realise is that this data is unprotected and available to individuals with the know how to access your information without your knowledge.

Although you have software to protect you from spam mail, viruses and trojans (some also have protection when on the internet) very few realise that the data on their PC’s and USB devices are easily accessed through a more basic method. If your PC or USB stick is stolen or misplaced then the information stored on it can be available to other people. To help prevent this Microsoft introduced a feature that allows you to encrypt your information and protect it from being accessed. BitLocker provides you with the means of securing your information which is a bit like it being inside a safe, locked in another safe at the bottom of the ocean…pretty safe!

In the article below we will explore options for encryption on your Windows 10 PC and what your options are if you have Windows 10 home, we will also look at how to protect data stored on your USB devices.

Encryption is a security feature whereby data on your drive(s) is encrypted and only accessible if you have the key.

With more people using USB drives the need to encrypt data is one of the most important and easily applied security features that can be deployed to your Windows 10 computer and USB devices, helping project your information and giving you peace of mind.


We recommend using Microsoft BitLocker as it provides you with security that’s built-in to your Windows 10 system.

Microsoft® BitLocker™

Microsoft provides a built-in free method of encryption, but it is only available on the Windows 10 Pro or higher . If you have Windows 10 Home then you will need to either look at one of the free or paid encryption programs or upgrade to Windows 10 professional (our preferred option).

Upgrading is a really simple thing to do, you buy a Windows 10 Professional license and enter the new license key into your current operating system. Your computer will then reboot and upgrade to professional.

The BitLocker feature works by encrypting data stored on your hard drive, it is only accessible after the correct key is entered. The key can be in the form of a numeric or alphanumeric code of more than 8 characters or through the use of technology on your computers motherboard call TPM “Trusted Platform Module”.

When BitLocker is enabled it is constantly protecting your data so if the hard drive is removed or if someone tries to access the data without going through Windows first then it cannot be accessed as the data is encrypted.

When you enable BitLocker, it will check to see if your computer supports the use of TPM and if so then it will store the encryption key on the computer’s hardware and you don’t need to create a key, although it is advised to create a key as well as it offers more security. If your computer does not have the TPM feature then you will need to create a key or passphrase that will be entered every time you turn the computer on.

During the process you will be prompted to save or note down the recovery key which can be used to unlock your system if any issues occurs during normal operation. It is very important that you note down this recovery key and store in a safe place.

BitLocker also offers some great benefits when used on a domain as recovery keys can be stored on the domain controller against the computer object.



BitLocker To Go

Another useful tool in the BitLocker bag is the ‘BitLocker to go’ feature which allows you to encrypt your USB drive and keeps it safe from any misuse.

The feature works in the same way as BitLocker does on your main system, insert your USB device and start BitLocker, you will see the BitLocker to go option available in the bottom section of the window.

Select the Turn BitLocker on option to start the encryption process, enter a password that you will use to unlock the drive (passwords should be more than 8 characters), save or print the recovery key and store it in a safe place, select the best encryption method and start encrypting!

Once finished the USB drive is encrypted and can be disconnected. You will be prompted to enter the password to unlock the drive when you next insert it. The USB will work in both the Windows 10 Professional and Home versions and is a great simple way of protecting your data on-the-go.


BitLocker To Go, on a domain

In order to keep your computers safe at work BitLocker To Go can be configured through the domain using group policies. This allows you to enforce the BitLocker To Go features to be used and gives you peace of mind that data in your business is safe and secure.

To start protecting your company USB devices we would create a group policy on your domain and configure your chosen settings

There are many policy’s that can be enforced using group policy, one that is particularly important would be:

Deny write access to removable drives not protected by Bitlocker

This will prevent data being written to USB drives that are not protected which will help prevent company data falling into the wrong hands should a USB device get lost.

Allow Access to BitLocker Protected Removable Drives from Earlier Versions of Windows

This will ensure you can still access encrypted data when moving to a new version of windows.

Below shows some of the other settings available, if you decide to implement this protection, we can discuss each of the other settings and the benefits they offer:

If you would like to know more about getting this setup on your network, get in touch with J C Designs today, one of our highly skilled engineers will be more than happy to help you.