Encrypting external media is important. During the next part of this series on encryption I am going to discuss encrypting external media like USB flash drives or external hard drives. Because these drives are used as backups or to store sensitive data, and becaus they are easily lost, encrypting them is just as important as encrypting their hosts. Today’s post will cover using BitLocker external media encryption or as it is officially known, BitLocker To Go.
BitLocker External Media Encryption
First, insert the drive that you wish to encrypt. Next, open the Control Panel and navigate to “System and Security”. Click “Manage BitLocker”. You will see the drive in the list. Click “Turn on BitLocker” beside the drive. You will now be prompted to enter a password. You will also be required to create a recovery key. Just as with full disk encryption, I do not recommend saving this key to your Microsoft account. Instead save it locally to a file or print it. When you have saved the recovery key click “Next”.
On the next screen you are asked to choose how much of the drive you wish to encrypt. It should be no surprise that I recommend encrypting the entire drive. After clicking “Next” you will be asked to choose an encryption mode. I recommend choosing the “New encryptin mode” (AES-XTS) unless you plan to use the drive with older Windows computers. If so the new encryption mode may cause some compatibility issues. When you have chosen the encryption mode click “Next”, and “Start Encrypting”.
A progress bar will appear. You can pause the encryption process if you need to remove it. When the encryption is complete and you plug the drive in it, you will see a padlock icon beside it indicating it is encrypted. Mounting the drive is simply a matter of entering the correct password.
If you enjoyed this article and would like exclusive content, sign up for the Operational-Security Newsletter.