How to encrypt files and folders in Windows 10

Here’s how to make your sensitive data unreadable to prying eyes

Padlock over lines of binary code

Picture this: A cyber criminal sidesteps multiple security layers to break into your computer system. With all of its protection stripped, your device is vulnerable to unforeseen viruses and malware. The data you conveniently stored in files and folders is practically a goldmine on the verge of exploitation. 

Let’s now suppose your personally identifiable information was present, even accessible but just not readable. Will the hacker succeed in securing your ciphered text? What are the odds of data being misused in this instance? 

Theft and manipulation of data are the two most likely outcomes of online fraud. Encryption makes it possible to convert sensitive data into a secret code, lowering the risks of infiltration, theft, and fraud. 

When the intended recipient accesses your data using a decryption key, the information is translated back into its original form. Because the data appears scrambled or gibberish to unauthorized users, personally identifiable information remains largely undeterred. 

To help keep you protected, Microsoft offers built-in file and folder encryption tools for Windows operating systems. The files or folders sport a padlock sign when you enable encryption, indicating the folder or file is password-protected. 

Below are a few pointers that will offer you advice on what encryption can and can’t do and how you can implement it.

Before that, let’s cover a few pointers to remember before encrypting files and folders:

  • An encrypted file can lose its encryption when transmitted via a network or email
  • You need to extract the contents of a compressed file or folder before encryption
  • Encryption doesn’t protect files and folders from deletion
  • It helps to take a backup of unencrypted data and store it offline 

Now that you understand the intricacies of file encryption, let's hop into the how-tos.

How to encrypt files and folders in Windows 10

There are two simple ways to encrypt files and folders on Windows 10, via Microsoft’s encrypted file system (EFS) or BitLocker. 

Encrypting files and folders using Windows encrypted file system

Microsoft’s EFS service offers support for encrypting individual files, folders, and directories in Windows 10 or any other Windows version since XP. To enable EFS encryption, follow these steps:

  1. Right-click on the file or folder you want to encrypt and select “Properties”
  2. In the “General” tab of “Properties,” click on the “Advanced” button
  3. In the “Advanced Attributes” dialogue box, under “Compress or Encrypt Attributes” section, checkmark on “Encrypt contents to secure data” 
  4. Click “OK”
  5. Click “Apply”
  6. If encrypting a folder, a window will pop up asking you to choose between “Apply change to this folder only” and “Apply changes to this folder, subfolders and files.” Select your preference and click “OK” to save the change(s) 

The encryption process is now complete, and Windows will automatically create an encryption key and save it locally to your PC. Files and folders you've encrypted with EFS will feature a small padlock icon in the top-right corner of the thumbnail. Only you can access the encrypted files or folders. But there’s more to it. 

To avoid file loss if the key gets corrupted, Windows will prompt you to backup the encryption key immediately after encryption. Backup your EFS encryption key with the following steps:

  1. In the “Backup your file encryption certificate and key” prompt, choose “Backup now” 
  2. Ensure you have a USB flash drive plugged into your PC  
  3. Click “Next” to create your encryption certificate
  4. Check on “.PFX” file format to export your certificate file and click “Next”
  1. Check the “Password” box to enter a new password 
  2. Navigate to your USB drive
  3. Name to your encryption backup file and click “Save” 
  4. Click “Next”
  5. Click “Finish”

Decrypting the encrypted file/folder is just as easy with the following steps:

  1. Right-click on the file or folder you want to decrypt and select “Properties”
  2. In the “General” tab of “Properties,” click on the “Advanced” button
  3. In the “Advanced Attributes” dialogue box, under “Compress or Encrypt Attributes” section, uncheck “Encrypt contents to secure data” option
  4. Click “OK”
  5. Click “Apply” 

Your file is readable again.

Note: The PC owner can access an EFS-encrypted file locally, but the files will remain inaccessible for all other user accounts. You may also use a DVD or portable hard disk to backup your encryption key.

Encrypting files and folders using BitLocker

BitLocker is a full-disk encryption solution that enables you to encrypt an entire hard drive at once. When combined with a PC’s trusted platform module (TPM), BitLocker can provide advanced security features, including hardware-level encryption. 

To check if your computer has a TPM chip, use Windows key + X combination to open the Power User menu and select “Device Manager.” Now, click on “Security Devices.” If your PC  has a TPM chip, one of the subfolders will read “Trusted Platform Module” with a version number. 

Your computer must have a TPM chip version 1.2 or later to support BitLocker.

Set up BitLocker on your Windows 10 PC, using the following steps:

  1. Press Windows key + X keyboard shortcut to open the “Power User” menu 
  2. Go to “Control Panel” > “System and Security” > “BitLocker Drive Encryption”
  3. Under the “BitLocker Drive Encryption” section, click on “Turn on BitLocker”
  4. Set a password and click “Next”

The encryption process is now complete. Like EFS-based encryption, you’ll have options to save a recovery key to regain access to your files if you lose or forget your password. 

Here’s is a list of options available:

  • Save to your Microsoft account
  • Save to a USB flash drive
  • Save to a file
  • Print the recovery

Select one of the four options and click “Next.” Next, choose how much of the drive you want to encrypt – the entire drive or only the used disk space. It’ll also prompt you to choose between two encryption modes: new encryption mode (best for fixed drives on your device) and compatible mode (best for detached drives you can remove from your device). Select one of the two options and click “Next.” In the next pop-up, check the “Run BitLocker system check” option and click “Continue.”

Finally, restart your computer. Upon reboot, BitLocker will prompt you to enter your encryption password to unlock the drive. Type the password and press “Enter.” You can verify BitLocker is turned on by looking for a padlock icon on your encrypted drive’s thumbnail. 

To disable BitLocker, open File Explorer, right-click the encrypted drive and select “Manage BitLocker.” You can suspend or altogether disable BitLocker for each drive or partition encrypted.  

Note: BitLocker doesn’t support dynamic disc encryption. Decryption may take a while, depending on the size of your encrypted drive. However, you can continue using your computer during the encryption. 

Wrapping up

A security system is only as strong as its weakest point, which is why it helps to take small but decisive steps toward data encryption. 

BitLocker can protect PCs’ operating systems against offline attacks, and EFS offers additional file-level encryption for security separation between multiple users of the same computer. You can also combine protections by choosing to use EFS to encrypt files on a BitLocker-protected drive. 

Featured Resources

Shining light on new 'cool' cloud technologies and their drawbacks

IONOS Cloud Up! Summit, Cloud Technology Session with Russell Barley

Watch now

Build mobile and web apps faster

Three proven tips to accelerate modern app development

Free download

Reduce the carbon footprint of IT operations up to 88%

A carbon reduction opportunity

Free Download

Comparing serverless and server-based technologies

Determining the total cost of ownership

Free download

Recommended

Bridging the DevSecOps divide: Spotlight on key relationships
Whitepaper

Bridging the DevSecOps divide: Spotlight on key relationships

3 Dec 2021
Planned Parenthood cyber attack exposes data of 400,000 patients
cyber attacks

Planned Parenthood cyber attack exposes data of 400,000 patients

3 Dec 2021
Bridging the DevSecOps divide: Spotlight on zero trust
Whitepaper

Bridging the DevSecOps divide: Spotlight on zero trust

3 Dec 2021
Bridging the developer and security divide
Whitepaper

Bridging the developer and security divide

3 Dec 2021

Most Popular

What should you really be asking about your remote access software?
Sponsored

What should you really be asking about your remote access software?

17 Nov 2021
How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

24 Nov 2021
Sabbath hackers are targeting US schools and hospitals
ransomware

Sabbath hackers are targeting US schools and hospitals

29 Nov 2021