But that level of security comes at a cost. Encrypting the entire drive can brick your PC. Make an image backup first, and make sure you have emergency repair drives for both the encryption software and your image backup program.
That’s not all. Should your computer or hard drive crash, your chances of successfully recovering lost files drops considerably. Even a Windows reinstall can leave your files inaccessible if you didn’t take proper precautions.
If the PC is using Windows 7 Ultimate or Enterprise, or Windows 8 Pro or Enterprise, you can use BitLocker, which comes with these versions of Windows. But you have to know what you’re doing.
BitLocker works best in an environment where a professional IT department serves users who may not know what the word encrypt means. You can set it up so that the user doesn’t even know that the drive is encrypted. When they log into Windows with their password, they get access to the encrypted files. If they log into another account, or boot with another OS, the files are unreadable.
What’s more, if you need to reinstall Windows, or restore the files from a backup, you’ll need a special digital key that’s created when you encrypt the drive. That key has to be stored elsewhere and someone has to know where to find it. That’s where IT comes in.
Third-party encryption programs are more straightforward. When you boot the PC, you have to enter the encryption password before Windows can load. Because the password is used on a daily basis, it’s unlikely to get lost.
The free and open-source VeraCrypt does a good job. The wizard to set up drive encryption is long, but reasonably intuitive.
But VeraCrypt has its limitations. For instance, it won’t work on PCs using the newer GUID partition table.
Your choices, unfortunately, are limited.