Once TrueCrypt is installed then you can create a new secure volume using the wizard which can be launched from the main program screen.

From here click on the “Create Volume” button to launch the wizard.

From here select the “Create a File Container” option the create a new secure volume on your Hard Disk. From here you can also choose to Encrypt the entire system partition which means that the partition that Windows is installed on would be encrypted and require a password to be entered before Windows can boot. You can also encrypt a non-system partition which would be another partition on your drive or a USB memory stick. In this example we will create a “File Container”; once selected click next.

At the next screen you have the option to select a “Standard TrueCrypt Volume” or a “Hidden TrueCrypt Volume”. A Standard volume is simply an encrypted volume which when the password is entered it mounts and the data is visible. The “Hidden Volume” however is a little more sophisticated; what happens is when the volume is created it will create another volume within that one. Both volumes are located as a single file on the disk however the one that becomes visible is dictated by the password entered. This is especially useful if you have to enter your are forced to enter your password under duress; in this scenario you would enter the password for the volume which does not contain the actual secure data but is in fact the “fake” secure data. For this example however we will create a “Standard Volume”; once selected click Next.

Once the next screen you will be asked to “Select File” which basically speaking means that you need to specify the filename and location. The actual filename you use should be a obscure as possible as this will make the file harder to locate to would be attackers. In this example we have called the file “readme.txt” Once you have done this click on Next.

From the next screen you have the option to select what encryption algorithm you want to use for your volume. The algorithm that you use simply dictates how the data is encoded when the file is created and more importantly when data is stored on the volume. For most of us AES will be sufficient so we will select that and click Next.

Now we have to specify the size of our encrypted volume. This will be entirely down to personal choice and will be dictated by the amount of data that you want to carry with you. For simplicity we will enter a value of 100MB and then click on Next.

At this point we are now required to enter a password. It cannot be impressed enough how important it is to choose as strong enough password for this file. Lets face it if you simply enter the password as “password” then it isn’t going to take much to guess it. So no kids names, no pets, no car registration, no spouse’s, nothing that is anything to do with you. Lets face it if you used you favourite nursery rhyme that would be more secure as a password; for example “tw1nkle tw1nkle l1ttle star how 1 wonder what you are” would be completely random, nothing to do with you and yet easy to remember. So think long and hard what you will use and make sure it’s something easy to remember but still strong. Once this is done then click Next.

The next screen is for formatting the volume however before you click “Format” you need to move your mouse randomly within the Window. This is done to help to create a completely random key and the more you move the mouse then more random it becomes.

When you have done this and you are happy with it click on “Format” and wait until a box appears telling you it is complete. Now click on “OK”

When this has finished you can either continue with the wizard to create another volume or you can click on “Exit” to return to the main TrueCrypt screen.

From them main TrueCrypt screen click on the “Select File” button and you will be presented with a screen titled “Select a TrueCrypt Volume”. From here we can select our newly created volume, in our example we will select the file “readme.txt” and click on “Open”.

Now select the drive letter from the top part of the screen that you want to assign the volume to, in our case this will be “F:”, now click on “Mount”. This will then prompt you for the password that you entered earlier as below.

Enter your password and then select “OK”. If you need to you can check the “Display Password” box so that you can see what you are typing but obviously make sure no-one is around to see it.

That is basically it, you can now go into “My Computer” and you will see your newly create volume as shown below.

I hope this is of help to some of you and if you have any questions then please post them up and I will try help where possible. The program is just one of many that are around and each of these vary in the way that they work however this all work towards the same end result which is that they all try to make your data more secure.

The fact is that almost every business today owns at least 1 notebook computer and typically that will be taken out to meet clients, to work from home etc. On that notebook there will typically be a great deal of data regarding either your own business or possible about your clients data so do you encrypt your data? The answer is almost certainly no, so how on earth can we complain when other organisations do they same. While I understand that these organisations should know better as they have much larger funding budgets to get people onboard that should be telling them this but the fact of the matter is that very few businesses do this themselves. Recent figures show that the public is 80% more cautious with their personal data than before the HMRC data loss which is a positive move for security. You may think that the data on your notebook is of no value to anyone else but lets just assume for one minute that you loose your notebook and you have the following on it:

• On it is the payroll figures as you needed to work on them tonight
• You also have the sales figures for your clients
• Details of a new proposal for a potential client
• Documentation regarding a client(s) site, not including passwords

So what is the value of this to anyone else:

• The payroll data would be invaluable to a headhunter for example. If you had a member of staff who had some very coveted knowledge then they would be able to know where to start with pay offers
  • If the payroll figures included home addresses of employees then this would also be of interest to criminals for identity theft.
• Sales figures would be of great interest to your competition as they would be able to ascertain the financial value not only of your own company month in month out but also the value of each of you clients each month.
• Details of a new proposal would again be of interest to your competition as they would then know what you are proposing but more importantly what you are planning to change for this fantastic service. If this proposal is for an IT system this may also be of use to a potential hacker as it may provide information regarding internal systems or security information.
• Documentation regarding a clients site would almost certainly hold value to a potential intruder if it was technology documentation as it would provide valuable insight into what internal systems they had. If it related to equipment such as phones, plant machinery then again it would have value to competitors or companies in that field.

The fact of the matter is that whatever data you have it will be of use to someone and simply putting a password on Windows is just not going to cut it. By simply booting of a CD such as UBCD4WIN you don’t even need to crack the password for Windows, it will let you access the data on the hard disk and transfer it off and with the price of notebooks so low now (from £299) the data is often worth many times the value of the notebook.

So what can you really do to stop this? Well quite simply encrypt the data, this can be done a number of ways.

1. You can use Windows XP EFS (Encrypting File Service) to encrypt data and lock it to the individual user account. This means that should anyone who is not logged in with the user account that encrypted the files then they will not be able to access the data.
2. There is also Bitlocker Drive Encryption which available to Windows Vista (Enterprise and Ultimate) and Windows 2008 server. This system uses full disk encryption to encrypt and entire volume rather than individual files. It requires an area of the disk to be created as a Bitlocker volume.
3. There are also a host of third party application which will either encrypt individual files or create PSD’s (Personal Secure Drive) which is essentially a encrypted file on your hard disk that is mounted up as a volume (Drive letter) so that you can save your files. While it is mounted it is unsecured but once it is dismounted or the system is shut down it becomes encrypted again.

One such package that I have found to be a very good product for this particular task is TrueCrypt, it’s an open source package for on-the-fly encryption. While you can encrypt the entire drive you can also create encrypted volumes which can be mounted up as disks on your system by using a password. I personally like this method as it allows me to create a volume to store all of my “data” in rather than being mixed up with the rest of the system.

There are a great many package which do the same or similar and they are all equally able to secure your data whether using a password, keyfile or a hardware USB key combines with passwords etc. Some are certified for government users while others are not but in the end it is personal choice however whatever the case it is something that should definitely be looked at.

For more information on using TrueCrypt then please read Better safe than sorry (Part 2)