ProtonBlog

How to secure data on your external hard drives and USB peripherals


USB peripherals (commonly known as “flash drives”), memory cards, and external hard drives all make backing up and sharing your data simple. And they are becoming more critical as modern-day schooling, work, and life are increasingly awash in data. But what happens if you lose or misplace one of these devices?

In many cases, the result is a damaging data breach. On Aug. 9, 2019, the New York City Fire Department had to notify over 10,000 patients because an FDNY employee had lost an external hard drive that contained seven years’ worth of medical records.

Data breaches like this can be avoided if you encrypt your USB peripherals and external storage devices. Even if you are not handling patients’ personal health information on your flash drive, you will want to keep it secure.  Hackers can find a way to put even the most seemingly innocuous data to use for their malicious attacks. If you encrypt your flash drive, it is much more difficult for attackers to get unauthorized access to the data it contains, even if they steal it or you misplace it. 

What is encryption?

Encryption uses a complex algorithm to convert a message into a string of characters that are illegible. This transformation is specified by the encryption key. This same key is then also used to convert data back into a legible format. (This is how symmetric-key cryptography works. We discuss this more below.) Proton Mail, for example, uses symmetric-key cryptography in the end-to-end encryption it applies to all emails exchanged between two Proton Mail users.

Encryption is broadly categorized into two types, symmetric (AES, Twofish, Triple DES) and asymmetric (RSA), based on whether the encryption and decryption keys are the same. Asymmetric encryption uses a pair of keys: a public key, which you can share publicly and which is used to encrypt data, and a private key, which you must keep secret. You use your private key to decrypt data that was encrypted with your public key. As long as your private key is secret, your encryption system is safe.

Should I encrypt my hard drive?

If you are a business user or a company, compliance with data protection regulations such as the GDPR or HIPAA might be mandatory, meaning you’ll need to encrypt your data to avoid costly fines. Even if your company is not bound by these regulations, it is still essential to encrypt your USB peripherals to avoid a data breach, which could cause irreparable damage to your business.

You should encrypt your personal external storage devices as well, especially when your flash drive has files on it containing sensitive or personally identifiable information. This type of data includes private personal or business details, photos, identification cards, plaintext passwords, login credentials, and financial information.

In other words, if the data you have stored in your external drive is solely for your use, then you should encrypt it, full stop. As these devices are small in size, they are prone to getting misplaced or stolen. Always encrypt such data, and remember to keep a backup as well. Needless to say, when you encrypt your hard drive, make sure you memorize your password or store it in a safe location. 

How to encrypt your external hard drive

You have four main options when it comes to encrypting the data on your USB peripherals. You can:

  • Encrypt each document individually using document processing programs
  • Encrypt the entire external hard drive using an encryption system built into your device’s operating system
  • Use a third-party encryption service to encrypt files or your hard drive 
  • Use a hardware-encrypted external hard drive

We discuss the advantages and disadvantages of each approach in more detail below. Except for hardware-encrypted USB peripherals, all of these encryption systems work on the premise that your document or flash drive cannot be accessed without entering the correct password.

Learn how to create strong passwords.
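The sketch below is an added example, not code from Proton or from any of the tools named in this article. It goes one step beyond the text to show how a password-based system can work in principle: the password is stretched into a key that unlocks a random master key, which is the approach LUKS key slots take. The function names, the iteration count and the XOR "wrap" (a stand-in for the AES key wrap a real tool would use) are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this sketch; real tools pick their own


def derive_kek(password: str, salt: bytes) -> bytes:
    """Stretch a password into a 32-byte key-encryption key (KEK)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=32)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def create_slot(password: str, master_key: bytes) -> dict:
    """Protect the random 32-byte master key with a password."""
    salt = os.urandom(16)  # fresh salt per slot defeats precomputed tables
    return {
        "salt": salt,
        # XOR with the single-use KEK stands in for the AES key wrap real tools use.
        "wrapped": xor(master_key, derive_kek(password, salt)),
        # Digest of the master key lets unlock() recognise a wrong password.
        "check": hashlib.sha256(b"mk-check" + master_key).digest(),
    }


def unlock(slot: dict, password: str):
    """Return the master key, or None if the password is wrong."""
    candidate = xor(slot["wrapped"], derive_kek(password, slot["salt"]))
    digest = hashlib.sha256(b"mk-check" + candidate).digest()
    return candidate if hmac.compare_digest(digest, slot["check"]) else None


def change_password(slot: dict, old: str, new: str) -> dict:
    """Re-wrap the same master key; the encrypted data itself is untouched."""
    master_key = unlock(slot, old)
    if master_key is None:
        raise ValueError("wrong password")
    return create_slot(new, master_key)


if __name__ == "__main__":
    mk = os.urandom(32)  # the key that would actually encrypt the drive
    slot = create_slot("correct horse battery staple", mk)
    print(unlock(slot, "correct horse battery staple") == mk)
    print(unlock(slot, "guess") is None)
```

Because only the small slot depends on the password, changing the password does not require re-encrypting the drive, and the strength of the whole scheme rests on how hard the password is to guess.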

File encryption using document processors

If you are specifically looking at encrypting documents or text files, you can use common document processing software like Adobe and Microsoft Word to directly encrypt your files. No one will be able to access the content of these individual documents without entering the preset password.

Learn how to encrypt documents with Microsoft Word.

Learn how to encrypt PDFs with Adobe.

Hard drive encryption with operating systems

If you would like to encrypt your entire flash drive or USB peripheral, most modern operating systems (OS) including Windows, macOS, and Linux have built-in encryption tools that give you this option. For example, you can use BitLocker on Windows, FileVault on Mac, or LUKS on Linux to encrypt your flash drive. 

The only limitation of this type of encryption is that it will not work across operating systems. If you encrypt your flash drive with BitLocker, you cannot use it on a macOS device unless you have the relevant software installed for the respective platform. To view BitLocker-encrypted files on a Mac, you would need to install a separate program.

However, if you want to password-protect all the contents on your drive for enhanced security, here’s how you can go about it:

Learn how to encrypt USB drives in Windows.

Learn how to encrypt USB drives in macOS.

Learn how to encrypt USB drives in Linux.

Third-party hard drive encryption software

Another way to encrypt your data is to use third-party encryption software. VeraCrypt and AES Crypt both offer AES-256 encryption, an industry standard for security. Both solutions are also free and open source software (or, in VeraCrypt’s case, source-available software), which is important because it allows you to verify that a program does exactly what it claims by looking at its source code.

Learn more about Proton Mail and open source.

One key difference is that VeraCrypt is used to encrypt the entire USB peripheral (as well as your device’s hard drive), while AES Crypt is used to encrypt individual files. This makes AES Crypt ideal for encrypting documents that are being secured on non-end-to-end encrypted cloud storage services (such as Dropbox or Google Drive). However, you can still encrypt individual files and store them on your flash drive as well. 

These tools can sometimes be platform specific, so you will need to be sure about where you intend to access the data before you proceed to encrypt it.

VeraCrypt

Available on Windows, macOS, and Linux.

AES Crypt

Available for Windows, macOS, and Linux. Third-party versions are available for Android and iOS. The Android app is open source, but the iOS app is not.
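After encrypting a drive with one of the tools above, it is worth checking that nothing was left in the clear. The following added example (not part of the original article or of any tool it names) classifies USB-attached disks and partitions from the JSON that `lsblk --json -o NAME,TYPE,TRAN,FSTYPE` prints on Linux. The sample input is constructed, and the function name and report labels are assumptions.

```python
import json

# FSTYPE values lsblk reports for containers it can recognise.
ENCRYPTED = {"crypto_LUKS": "LUKS", "BitLocker": "BitLocker"}

# Constructed sample of `lsblk --json -o NAME,TYPE,TRAN,FSTYPE` output.
SAMPLE = """
{"blockdevices": [
 {"name": "nvme0n1", "type": "disk", "tran": "nvme", "fstype": null, "children": [
   {"name": "nvme0n1p1", "type": "part", "tran": null, "fstype": "ext4"}]},
 {"name": "sdb", "type": "disk", "tran": "usb", "fstype": null, "children": [
   {"name": "sdb1", "type": "part", "tran": null, "fstype": "crypto_LUKS", "children": [
     {"name": "backup", "type": "crypt", "tran": null, "fstype": "ext4"}]},
   {"name": "sdb2", "type": "part", "tran": null, "fstype": "exfat"}]},
 {"name": "sdc", "type": "disk", "tran": "usb", "fstype": "BitLocker"},
 {"name": "sdd", "type": "disk", "tran": "usb", "fstype": null}
]}
"""


def audit_usb(lsblk_json: str) -> dict:
    """Classify every USB-attached disk or partition by what is stored on it."""
    report = {}

    def walk(dev: dict, via_usb: bool) -> None:
        # Partitions inherit the transport (TRAN) of their parent disk.
        via_usb = via_usb or dev.get("tran") == "usb"
        children = dev.get("children") or []
        fstype = dev.get("fstype")
        if via_usb and dev.get("type") in ("disk", "part"):
            if fstype in ENCRYPTED:
                report[dev["name"]] = ENCRYPTED[fstype]
                return  # the filesystem inside an unlocked container is expected
            if fstype:
                report[dev["name"]] = f"PLAINTEXT ({fstype})"
            elif not children:
                # Blank, or a headerless format such as a VeraCrypt volume.
                report[dev["name"]] = "no signature"
        for child in children:
            walk(child, via_usb)

    for device in json.loads(lsblk_json)["blockdevices"]:
        walk(device, False)
    return report


if __name__ == "__main__":
    for name, state in audit_usb(SAMPLE).items():
        print(f"{name}: {state}")
```

A "no signature" result needs a manual check: VeraCrypt volumes carry no identifying header, so they look the same as an empty device to this kind of scan.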

Hard drives with hardware-based encryption

These devices generally use a combination of software and hardware-based encryption, which, in some cases, requires setting a passcode on a physical keypad to protect your data. But they also rely on proprietary code which can make it extremely difficult to verify their security claims. For any hardware-based encryption solution, it is impossible to verify whether the device has a backdoor. This is true of any hardware. For this reason, it is important you only purchase hardware from vendors or brands that you trust.

It is important to note that no encryption system is foolproof. You should pay attention to the latest news to ensure the encryption you have used remains secure. Hackers have developed some attacks against BitLocker, in particular, but they are generally not simple to implement.

However, this does not change the fact that encryption is not only easy to implement on your USB peripheral, but it is also an essential part of protecting your data. By properly implementing encryption on your hard drives and USB peripherals, you reduce the chances of suffering from various kinds of fraud, including identity theft and illegal financial transactions.

How to secure your files on the cloud

A final word on encrypted file storage:

It is often recommended to back up your files both physically, on external hard drives or USBs, and on online servers, otherwise known as “the cloud.” Whether it is Dropbox, Google Drive, or iCloud, you’ve probably already used a cloud-based storage system. These tools make it easy to store and access your files from anywhere.

Saving files to the cloud eliminates the risk of you misplacing or losing your USB peripheral. As long as you have an Internet connection and remember your password, you’ll be able to access your files. However, not all cloud storage services protect your privacy. Most major cloud services encrypt your files in transit but retain your encryption keys, which means they can access your files at any time. This also makes these services more susceptible to data breaches.

ProtonDrive, Proton’s upcoming cloud storage option, helps mitigate the effects of data breaches by using end-to-end encryption. This means your files are encrypted on your device before they are sent to our servers, and only you have the ability to decrypt them. Therefore, even if our servers were somehow accessed, no one, not even Proton, would be able to access the files.

You can learn more about this security architecture in our ProtonDrive security model. The ProtonDrive beta will begin later this year.


Proton Team
