For media makers working in film, journalism, and the arts, data protection is essential. Learn how you can use encryption to build up your defenses, and protect your work.
No matter who we are, each of us has information to keep secure and private. For media makers working in film, journalism, and the arts, data protection is essential. Audio, video, image, and text files make up the bulk of their work, and thus, their livelihoods. The stakes to keep these files from falling into the wrong hands are extremely high.
We rely on encryption to protect our data as we browse the web and communicate. When media makers require additional protection and fine-tuned control over access to project data throughout the production process, encryption is key. Encryption gives media makers the power to restrict access to their video archive to a single key, or to password-protect folders containing contracts and scripts sitting on a computer.
Technical solutions for these operational needs don’t need to be cost-prohibitive, or difficult to master. We can rely on tools built into our operating systems, as well as free and open source software, to get the job done.
External storage devices — like USB storage devices, CF cards, SD cards, and hard drives — hold files for projects current and past. Encrypting these devices protects the files you place on them. This workflow is a travel essential, a useful strategy for highly sensitive archives, and has a multitude of other applications.
You can think of an encrypted container as a password-protected folder you use to store sensitive files. You can use these folders for small and large files, depending on the size of the container you make. You can keep them on your computer or storage device, as well as upload them to a cloud service to serve as a remote backup for sensitive files.
The term “storage device” refers to entire external storage devices, like USB drives, CF and SD cards, and hard drives.
When you “format” storage media, you are virtually rebuilding a storage device or partition from the ground up. This process allows you to wipe and/or encrypt the storage space.
On a computer or storage device, you store and locate your files through a “filesystem.” Every time you format device storage, you are preparing it with a new filesystem to handle the data you plan to store on it.
A “partition” refers to a subdivision of the total capacity of a storage device. You can start out with a single partition on a device, and then format it to have many partitions — some can be made to be encrypted, and others may not.
We use the terms “container” or “disk image” or “file container” interchangeably (depending on the operating system in question). In a basic sense, these are spaces you create on your computer to hold a certain storage capacity. You can format them with or without encryption.
“Passphrase” might sound clunky or unfamiliar, but it is just another way to refer to what is commonly known as a password or passcode. We prefer to use passphrase to stress the important requirement of length when creating one.
VeraCrypt is a free and open source volume management tool you can use on all major operating systems. Encrypted VeraCrypt volumes can be read by virtually any computer with no issue, so long as you have VeraCrypt installed. Because of its versatility, it is ideal for teams that plan on sharing encrypted data between macOS, Linux, and Windows devices.
macOS users can use Disk Utility to wipe and encrypt external storage devices, and create encrypted disk images on a computer’s local file system. It comes installed on every macOS device, and is simple to use. When you encrypt a volume with Disk Utility, you'll only be able to decrypt and read that data on macOS devices.
PC users running Windows 10 Pro, Enterprise or Education edition have access to Microsoft’s built-in BitLocker suite of disk encryption tools, including BitLocker To Go. Similar to macOS’s Disk Utility, BitLocker To Go allows you to encrypt external hard drives that can be decrypted by other Windows PCs using a shared password. BitLocker To Go is not natively supported by macOS or Linux.
In order to choose the correct tool and workflow for your needs, you'll have to think about a couple of factors. Ask yourself:
Every time you format a drive or memory card, you’ll select a type that works with how you intend to use the storage device (e.g. compatible with both macOS and Windows, or just one of the two).
All the files currently on your storage device will be lost during the formatting process. Make sure you move any files you want to save off of the device before continuing through the formatting process.
When you go through the process of encrypting storage devices and containers, you’ll be asked to designate an encryption passphrase. You’ll use your encryption passphrase to decrypt your encrypted device or container, thereby granting you the ability to access the files it contains. This encryption passphrase should be long, and unique. Even with the best cryptography in the world, a weak encryption passphrase is trivial for an attacker to guess.
Do not forget your encryption passphrase. Without it, you won’t be able to unlock your partition and will lose any data you haven’t backed up elsewhere. You have options for safekeeping. You can: Memorize your passphrase, write it down in a secure physical location, or keep it in a password manager. Consider making a backup of files you cannot afford to lose.
Now that you’ve got the basics covered, you can follow our step-by-step guides to encrypt external storage devices and containers on your computer.
MacOS users can get started with our Disk Utility guide.
Windows, Linux, and macOS users can follow along with our VeraCrypt guide.
Windows users can follow along with our BitLocker To Go guide.