
Question:

You work in a secure environment. Although network-wide data encryption has been implemented, you wish to encrypt all the data on users' storage drives, including laptop drives, to stop information from being shared in the event that the drives are compromised or stolen. What is NOT a good way to encrypt this data-at-rest?

A. Use EFS and let the employee choose what to encrypt.

Explanation:

Any data stored on a drive is considered data-at-rest. It needs to be protected even when it isn't moving between network locations. Letting employees decide what to encrypt with EFS is not a sound approach, because it leaves too much room for human error. There are third-party companies that focus on protecting data-at-rest. Using MDM (mobile device management) software is another option. MDM enables the IT administrator to enforce encryption on remote devices, even those owned by staff members who use their personal devices for work-related purposes. With MDM software, company data can also be removed from a lost or stolen device. BitLocker is a solution for encrypting entire hard drives, but it requires Windows 10 or 11 Pro or higher editions plus a TPM (Trusted Platform Module) chip or module on the motherboard. BitLocker stores an encryption key in the TPM, and that key can only be accessed if the computer started as expected.
