olivia_headshot_new

Digital Security Trainer

Last updated

toolkit-encryption-INTRO

No matter who we are, each of us has information to keep secure and private. For media makers working in film, journalism, and the arts, data protection is essential. Audio, video, image, and text files make up the bulk of their work, and thus, their livelihoods. The stakes to keep these files from falling into the wrong hands are extremely high.

We rely on encryption to protect our data as we browse the web and communicate. When media makers require additional protection and fine-tuned control over access to project data throughout the production process, encryption is key. Encryption gives media makers the power to restrict access to their video archive to a single key, or to password-protect folders containing contracts and scripts sitting on a computer.

Technical solutions for these operational needs don’t need to be cost-prohibitive, or difficult to master. We can rely on tools built into our operating systems, as well as free and open source software, to get the job done.

Strategies

How to encrypt external storage devices for medium- to long-term storage

External storage devices — like USB storage devices, CF cards, SD cards, and hard drives — hold files for projects current and past. Encrypting these devices protects the files you place on them. This workflow is a travel essential, a useful strategy for highly sensitive archives, and has a multitude of other applications.

How to encrypt containers on your computer to safeguard files

You can think of encrypted containers as a password-protected folder you use to store sensitive files. You can use these folders for small and large files, depending on the size of the container you make. You can keep them on your computer or storage device, as well as upload them to a cloud service to serve as a remote backup for sensitive files.

Technical terms

The term “storage device” refers to entire external storage devices, like USB drives, CF and SD cards, and hard drives.

When you “format” storage media, you are virtually rebuilding a storage device or partition from the ground up. This process allows you to wipe and/or encrypt the storage space.

On a computer or storage device, you store and locate your files through a “filesystem.” Every time you format device storage, you are preparing it with a new filesystem to handle the data you plan to store on it.

A “partition” refers to a subdivision of the total capacity of a storage device. You can start out with a single partition on a device, and then format it to have many partitions — some can be made to be encrypted, and others may not.

We use the terms “container” or “disk image” or “file container” interchangeably (depending on the operating system in question). In a basic sense, these are spaces you create on your computer to hold a certain storage capacity. You can format them with or without encryption.

Passphrase” might sound clunky or unfamiliar, but it is just another way to refer to what is commonly known as a password or passcode. We prefer to use passphrase to stress the important requirements of length and complexity when creating one.

Software

Windows/Linux/macOS users: VeraCrypt

VeraCrypt is an open source volume management tool compatible with all major operating systems. You can use it to wipe existing volumes, and configure standard encrypted volumes. Because of its versatility, it is ideal for teams that plan on sharing encrypted data across platforms.

macOS users: Disk Utility

macOS users can use Disk Utility to wipe and encrypt external storage devices, and create encrypted disk images on a computer’s local file system.

And many more...

There are other tools media makers can use to encrypt storage devices and containers, like Windows’ Bitlocker (only available for premium Windows 10 licenses). The availability of these tools is dependent on your operating system, which is why we’ve highlighted the widely available options above.

Pro-tips

Not all solutions will work with every operating system. You have to balance technical constraints with the needs of the project.

When formatting storage media, you are erasing its contents to prepare it to store new files in a filesystem format you designate. Some formats will only work with certain operating systems (more on that below). Every time you format a drive or memory card, you’ll select a type that works with how you intend to use the storage device (e.g. compatible with both macOS and Windows, or just one of the two).

Most workflows will feature at least one of the following standard format options.

  • Mac OS Extended (Journaled): Optimized only for Sierra and newer versions of macOS. This is the default option we recommend in our demonstrations.

  • Mac OS Extended (Case-sensitive, Journaled): Optimized only for Sierra and newer versions of macOS, with a case-sensitive naming hierarchy that will differentiate a file named “demo.mp4” from “Demo.mp4”

  • exFAT: Compatible with all major operating systems and devices, optimized for use with drives over 32GB and handling files larger than 5GB

  • MS-DOS or FAT32: Compatible with all major operating systems and devices, optimized for use with drives under 32GB and handling files smaller than 5GB

When you format a partition or device, you erase all its data in the process.

All the files currently on your storage device will be lost during the formatting process. Make sure you move any files you want to save off of the device before continuing through the formatting process.

Use a complex and unique encryption passphrase. And keep it somewhere safe.

When you go through the process of encrypting storage devices and containers, you’ll be asked to designate an encryption passphrase. You’ll use your encryption passphrase to decrypt your encrypted device or container, thereby granting you the ability to access the files it contains. This encryption passphrase should be long, and unique. Even with the best cryptography in the world, a weak encryption passphrase is trivial for an attacker to guess.

Do not forget your encryption passphrase. Without it, you won’t be able to unlock your partition and will lose any data you haven’t backed up elsewhere. You have options for safekeeping. You can: Memorize your passphrase, write it down in a secure physical location, or keep it in a password manager. Consider making a backup of files you cannot afford to lose.

Ready to encrypt all the things?

Now that you’ve got the basics covered, you can follow our step-by-step guides to encrypt external storage devices and containers on your computer.

MacOS users can get started with our Disk Utility guide.

Windows, Linux, and macOS users can follow along with our VeraCrypt guide.

Photo by Marco Verch. CC BY 2.0.