As many employees working for a large company do these days, I get a laptop issued by the company. You are not supposed to use it for personal business, but I’m not that good in strict compliance. Sometimes I put personal documents on it just for convenience.
A recent glitch made me re-think that practice. Now I make sure all personal documents go on a personal USB flash drive that I own. Using a flash drive this way comes with its own problems. If I lose the flash drive, whoever picks it up will be able to read my documents. I want it encrypted.
You can put an encryption program on a USB drive. Sometimes it requires something installed on the host system as well. For me as a regular user though, I just want something that works out of the box. I bought Kingston DataTraveler Locker+ G3 from Amazon. The 8GB version only costs $12 (versus $5 for one without the encryption feature).
It works for both Windows and Mac. You don’t need anything installed on the computer. When it’s plugged in, it adds itself as a DVD drive. When you launch the “DVD” a program runs and it asks for a password, which you set when you used it the very first time.
When you enter the correct password, it opens up another removable disk drive. This is the real one on which your documents are stored. The documents are hardware encrypted with an embedded AES 256-bit key when you save them to the drive (you can’t view the key or supply a different key yourself). The documents are automatically decrypted when you open them from the drive. When you are done working with the drive, you click on an icon in the system tray to shut down the removable disk drive.
If you enter the password wrong too many times when you launch the drive, it resets and wipes out all your encrypted data.
This works for my purpose. If you want more features, you can get the “business-grade” Kingston DataTraveler Vault Privacy 3.0 drive. The 8GB version costs $21 instead of $12.
If you require more security, you can get the “military-grade” Apricorn Aegis Secure Key, with a built-in keypad on the drive to unlock it, and FIPS 140-2 Level 3 certification, whatever that means. The price goes up quite a bit though. The 4GB version costs $60; 8GB costs $83.
With an encrypted USB flash drive, I can download statements, 1099s, etc. to it before I upload them to FidSafe, the online safe deposit box by Fidelity.
[Image credit: Flickr user Ape Lad]
Say No To Management Fees
If you are paying an advisor a percentage of your assets, you are paying 5-10x too much. Learn how to find an independent advisor, pay for advice, and only the advice.
Khad Young says
Excellent article! I have been encrypting my tax information and other sensitive documents for years. It’s a great habit to encourage.
MAC: ENCRYPTED DISK IMAGE
If you will only be using the USB flash drive with Macs, you can use the built-in Disk Utility app to create an encrypted disk image that can be read on any Mac. You can store this encrypted disk image either on the computer itself or on a USB flash drive. See the “Create a secure disk image” section in this Apple support article for details: https://support.apple.com/kb/PH22247
An encrypted disk image allows you to also store files unencrypted on the same USB flash drive if you wanted to just have some of the data on it encrypted rather than all of it. This is useful if you have a very large USB flash drive or “full size” external hard drive. You can store music, videos, and other non-critical data unencrypted, and just keep your sentive data in the encrypted disk image.
MAC: ENCRYPT ENTIRE EXTERNAL DRIVE
Alternatively, if you did want to just use a USB flash drive and encrypt the whole thing with a password, you can also do that very easily with an existing USB flash drive you have. There is no need to buy a separate one. See the “Protect a disk with a password” from Apple: https://support.apple.com/kb/PH22246
WINDOWS: ENCRYPT ENTIRE EXTERNAL VOLUME
Windows users accomplish the same with the BitLocker feature: http://www.tomsguide.com/faq/id-2318734/encrypt-portable-hard-drive.html
Those options are all free, but to they do have the limitation that they are not cross-platform. That is, the data encrypted using the built-in features on the Mac will not be [easily] readable on Windows and vice versa. But most of us are in one camp or the other at home. 🙂
Keep up the great work!
Dave says
An alternative is the free TrueCrypt. A TrueCrypt volume can be stored anywhere (disk, USB, cloud) and is portable between Windows, Mac, and Linux. Despite TrueCrypt being abandoned by its original developers, it is secure and passes security audits.
Khad Young says
Indeed. TrueCrypt (or VeraCrypt which is based on TrueCrypt 7.1a and is actively being maintained). The downside is that it requires TrueCrypt rather than something that Just Works with no additional third-party software. Family members who may need access to the encrypted data in the event of one’s passing may not know how to use TrueCrypt. (I’m sure they could figure it out or find someone who can. It’s just one more hurdle and something to keep in mind.) It’s a great suggestion!