File Security question

I am self-employed and about to take on more clients. I had done most of my work on an old Gateway desktop, but it's so old and slow, I'm going to have to start using my laptop. I have the firewall enabled and have my home wireless network locked down, but I'm worried about the files that will be stored on my laptop. I can't find a way to password protect the files and in doing research, I don't think I can. I'm running Vista.

No, I can't afford a Mac and many of the business applications my clients run are not Mac compatible. ;)

Is there a utility out there to protect sensitive information?

What kinds of files are these? Are you wanting to be able to transfer the files electronically to others who will know the password to unlock them? Or, are you trying to secure them on your own system only?

Excel, Word, etc. allow password protecting of files, but this sort of "protection" is not that strong. It'll turn away the random snooper with no patience, but if someone really wants what's in those files, getting past this is not incredibly difficult.

As one method of more protection, you can encrypt the hard drive with something like TrueCrypt so that if the laptop is stolen getting at anything on it requires knowing the password/passphrase. When the drive is unlocked with you using it, however, this doesn't provide any protection and of course won't do anything if you transmit the files electronically.

The best method of securing your files is, imo, using GnuPG. You can use this in a couple of ways, one of which isn't very convenient but will certainly lock down the files as best as they can be locked down. Once this is all set up (which requires creating a key that is associated with a passphrase), you can encrypt individual files in a way that requires a massive amount of computing power and knowledge to break. You can also encrypt entire folders with it, but this can be a lengthy and cumbersome process if the folders are very large. The downside of this is that to use the files, you have to unencrypt them again. It lessens convenience, but it is about as secure as you will get.

The other way of using GPG is in conjunction with your e-mail client. Those to whom you send your e-mail/files have to install it as well, which is usually why this ends up not working since people can't be bothered, but if this is truly sensitive information used as a part of an employment contract, you could make it a part of the contract that your clients use it. Once set up, you exchange public keys with those with whom you will exchange e-mail/files, and when you send an e-mail/file you encrypt both the e-mail and any attachments with that person's public key. When the receive it, assuming they are using an e-mail client like Thunderbird that incorporates GPG into its interface (there's a Firefox add-on that makes it work in Gmail's web-based client also), they have to enter their passphrase to unencrypt it and can save it to their hard drive as a regular file.

Once you become accustomed to this, it's not the pain it sounds like it is. I've been using this for years, and most of the people I exchange e-mail with on a regular basis use it.

Whatever you end up doing, just remember that the more convenient the method is the less likely it is to be truly secure.

All types of files. Word documents, QuickBooks files, Excel spreadsheets and PDF files. I have one folder per client and want to lock down the folder. I like the idea of locking the entire drive in case the computer is stolen.

The old desktop is physically disconnected from the router when I'm not online (and that's not often). When I'm not using the desktop, the computer is turned off. So using my laptop is bringing up a lot of security questions I haven't had to address before.

Not sure why this didn't occur to me before since I have had systems set up this way.

Disclaimer: It's been awhile since I've used TrueCrypt, so I'm going on memory of the way it works.

Use TrueCrypt to secure the entire drive at the operating system level, meaning you will be required to enter a passphrase before the system will boot. Pick a passphrase you *will* remember. Once you've encrypted the drive, if you forget this, you're pretty much screwed. Since the drive is encrypted as a whole, even if it is stolen, thieves will have an incredibly difficult time trying to get anything off it.

Also using TrueCrypt you could create various secured folders for each of your clients on the drive itself, what is called within TrueCrypt as a file-hosted volume. This volume exists on your hard drive as a single file, but it works as a folder into which you can copy the files you use and then copy them back out again when needed.

If you then have need of transferring these file electronically, use GnuPG for this. I recommend this method of e-mail communication about anything but general conversation anyway. Why more companies and organizations don't use it is beyond me ... well, I know why. It's the convenience thing, which is the downfall of every security system.

Further, you can use GnuPG to encrypt all your files for archival purposes. That is, encrypt the files and then save them to a CD/DVD. Alternatively, you could use TrueCrypt on an external hard drive for archiving.

I work for a government agency, and we use TrueCrypt to encrypt files on any laptop that will leave the office. Several laptops have their entire file structure encrypted while others run only a small encrypted volume. Our processes passed a DoD security audit, so I assume they're pretty good.

I got curious and played with it just now. It's changed some since I used it before ... works better, fairly seamless in fact.

Anyway, the encryption methods and hashes used on it were created by the NSA and the EU and are their standards, so, yeah, it's good enough for government work. :)

And having played with it now, I retract everything I said about GnuPG in my initial reply except as a method of exchanging files via e-mail. Seems like the best solution for the OP would be to set up a volume for all the work files, mount it, and go. Then, for archiving, set up a volume on an external drive or a large USB stick if the files would all fit.

I use AxCrypt all the time. Once its installed, it becomes a right-click, context menu in Explorer.

Right click on a file, select AxCrypt -> Encrypt. Set a password. Done.

When you want to read/edit the file, right click, select AxCrypt -> Decrypt. Supply the password. Done.

http://www.axantum.com/