Do you have sensitive information stored on a USB drive? Then you should consider using encryption to secure the data against loss or theft. With USB drives, there are several ways to implement encryption.
The first option is to use BitLocker on Windows to encrypt your flash drives. The second option is to purchase a hardware encrypted USB drive from a third party. Finally, you can use third-party encryption software to encrypt a flash drive.
Why do you need to encrypt data on a flash drive? Consider a case where the pen drive gets lost or stolen. The resulting breach of corporate information can be catastrophic. If you frequently store sensitive data on a USB drive, you should consider buying an encrypted flash drive such as the IronKey or Aegis Secure Key, both of which encrypt data automatically in hardware and can be used on computers running Windows, Linux, and Mac OS X.
The IronKey requires a password before one can access files on the drive while the Aegis Secure Key requires a PIN or password to be entered using tiny keys on the flash drive itself before its contents can be accessed. The only disadvantage of these two hardware encrypted flash drives is that they can be very expensive. For example, an 8 GB Aegis Secure Key costs around $100 and it’s not readily available.
In this article I will walk through the step-by-step procedure for all three methods. Note that no encryption solution is 100% guaranteed, and there exist vulnerabilities and security holes in some of these techniques. For instance, there have been reports of vulnerabilities in BitLocker; third-party encryption software and most hardware encrypted USB drives can also be hacked.
Although hacking and exploiting these methods is difficult, you should keep your software and firmware updated to keep your data secure at all times.
How to encrypt a flash drive using Microsoft BitLocker
The easiest way to encrypt the contents of your flash drives is by using BitLocker, the drive encryption system built into the Ultimate, Enterprise, and Pro versions of Microsoft’s Windows Vista and later. The advantages of BitLocker are that it’s free and readily available in many business versions of Windows. It is also very easy to use and does not require other software downloads. The only disadvantage of BitLocker is that it is designed only for Windows computers, though there are basic builds for Mac like Mac Bitlocker Loader.
Here are the steps to follow to encrypt your USB drive with BitLocker:
- In Computer, right-click the drive you want to turn into an encrypted flash drive and select Turn on BitLocker.
- Wait while BitLocker initializes the drive.
- Select “Use a password to unlock the drive” and enter and re-enter a password that will be used to unlock the drive.
- Save a recovery key or print the recovery key and keep it in a safe place. You will need this to access the drive if you ever forget the password.
- Click “Start encrypting” to encrypt the drive and its current contents. Depending on the size of the drive, this may take between 5 minutes and an hour.
- Once the process is complete, your drive is an encrypted flash drive and you can only decrypt and access the contents after you provide the password.
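The same steps scripted with the Windows BitLocker PowerShell module, as an added example that is not part of the original article. The drive letter E: and the recovery-file path are assumptions; run it from an elevated PowerShell prompt.

```powershell
#Requires -RunAsAdministrator
# Added example. E: and the recovery-file path are assumptions; change both.
param(
    [string]$MountPoint   = 'E:',
    [string]$RecoveryFile = "$env:USERPROFILE\Documents\usb-bitlocker-recovery.txt"
)

# Refuse to store the recovery key on the drive it is meant to recover.
if ($RecoveryFile.StartsWith($MountPoint, [StringComparison]::OrdinalIgnoreCase)) {
    throw "Save the recovery key somewhere other than $MountPoint."
}

# Only proceed on a data volume that is not already encrypted.
$vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
if ($vol.VolumeType -ne 'Data' -or $vol.VolumeStatus -ne 'FullyDecrypted') {
    throw "$MountPoint is not an unencrypted data volume (status: $($vol.VolumeStatus))."
}

# Ask for the password twice, as the wizard does, and compare the entries.
$pw1 = Read-Host -AsSecureString 'Password to unlock the drive'
$pw2 = Read-Host -AsSecureString 'Re-enter password'
$plain1 = [System.Net.NetworkCredential]::new('', $pw1).Password
$plain2 = [System.Net.NetworkCredential]::new('', $pw2).Password
if ($plain1 -cne $plain2) { throw 'Passwords do not match.' }
Remove-Variable -Name plain1, plain2

# The password protector starts encryption; the recovery password is the fallback.
Enable-BitLocker -MountPoint $MountPoint -PasswordProtector -Password $pw1 | Out-Null
Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null

# Save the recovery password (with its protector ID) off the drive.
(Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    ForEach-Object { "ID $($_.KeyProtectorId)  Key $($_.RecoveryPassword)" } |
    Set-Content -Path $RecoveryFile

# Wait for encryption to finish before removing the drive.
do {
    Start-Sleep -Seconds 10
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    Write-Progress -Activity "Encrypting $MountPoint" -PercentComplete $vol.EncryptionPercentage
} while ($vol.VolumeStatus -eq 'EncryptionInProgress')

# Confirm the end state instead of assuming success.
if ($vol.VolumeStatus -ne 'FullyEncrypted' -or $vol.ProtectionStatus -ne 'On') {
    throw "Unexpected final state: $($vol.VolumeStatus) / $($vol.ProtectionStatus)"
}
"$MountPoint encrypted; recovery key saved to $RecoveryFile"
```

The recovery file is written in plain text, so move it to a password manager or print it and delete the file once the drive is verified.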
How to access files from an encrypted flash drive that was encrypted with BitLocker
Insert the encrypted flash drive into another Windows computer. A pop-up will appear prompting you to enter the password. If the entered password is correct, the drive will be unlocked and you can access all the files without any limitations.
Available BitLocker options
You can access these options by right-clicking the flash drive in Computer. Some of the options when the drive is locked include:
- Change password to unlock the drive.
- Remove password from this drive.
- Add a smart card to unlock the drive.
- Save or print recovery key again.
- Automatically unlock this drive on this computer.
To turn off BitLocker encryption and return the encrypted flash drive to its previous unencrypted state, go to BitLocker Drive Encryption in Control Panel and turn off encryption for your USB flash drive.
How to encrypt a flash drive using a third-party data encryption software
There are many third-party data encryption programs out there, but for this article I will be using VeraCrypt. Before deciding to use a specific program, make sure it’s safe and secure. The quality of the software should be considered at all times. VeraCrypt is based on the previously popular TrueCrypt, which was phased out due to security vulnerabilities discovered.
Here are the steps to follow to encrypt your pen drive with VeraCrypt:
- To get started, download VeraCrypt and then install it on your computer.
- Run the program. The program window lists all drive letters. Start by creating a new volume: click the Create Volume button.
- On the volume creation wizard choose to create an encrypted file container or choose to encrypt a non-system partition/drive. The first option creates a virtual encrypted disk stored in a single file while the second option encrypts the entire USB flash drive.
- On the next screen you can choose between creating a standard VeraCrypt volume or a hidden VeraCrypt volume. For extra security, go with the hidden volume because it creates a second encrypted volume inside the first encrypted volume. The most sensitive data is stored in the second encrypted volume and dummy data in the first encrypted volume.
- If you choose the hidden volume option, make sure to pick normal mode on the next screen so that VeraCrypt creates the normal volume and hidden volume for you.
- Next, you have to choose the location of the volume.
- Click the Select Device button and then locate your removable device. Note that you can choose a partition or the entire device.
- If you chose to create a hidden volume, the next screen will set the options for the outer volume.
- Next, you have to choose the encryption algorithm and the hash algorithm.
- The next screen will set the size of the outer volume, which will be the same size as the partition. You will also have to enter the password for the outer volume. Note that the passwords for the outer volume and hidden volume have to be different.
- On the next screen, you have to choose whether you want to support large files or not. Choose yes if you really need to store files larger than 4 GB on the drive.
- Next, you have to format the outer volume. The FAT file system is the best to go with. Click the Format button; this deletes everything on the drive and then starts the creation process for the outer volume. This can take some time because this format writes random data over the entire disk, as opposed to the quick format that normally occurs in Windows.
- Once complete, you will be asked to go ahead and copy data to the outer volume. This is supposed to be your dummy data.
- After you copy the data over, you can now start the process for the hidden volume. Again you have to choose the type of encryption.
- Click next and you now have the ability to choose the size of the hidden volume.
- Next, you have to give your hidden volume a password and then click format on the next screen to create the hidden volume. Finally, you will get a message telling you how to access the hidden volume.
How to access files from an encrypted flash drive that was encrypted with VeraCrypt
Open VeraCrypt and first choose a drive letter from the list. Then click on select device and choose the removable disk partition from the list. Finally, click the mount button. You will be prompted to enter the password. If you enter the outer volume password, that volume will be mounted to the new drive letter. If you enter the hidden volume password, then that volume will be loaded.
Using Hardware encrypted USB flash drives
The last option is to buy a hardware encrypted USB flash drive. I would not recommend buying a software encrypted flash drive because these have a much higher chance of being hacked into. The advantages of hardware encryption are that it allows for faster access to the data on the drive, prevents pre-boot attacks, and stores the encryption keys on a chip, removing the need for externally stored recovery keys. When buying a hardware encrypted device, ensure it’s FIPS-compliant and uses 256-bit AES.
If you really need some secure flash drives, my two best recommendations would be IronKey and Aegis Secure Key. They are quite expensive but you will definitely feel good that your data is stored securely.