Protecting HR files

Posted on 2006-05-25
Last Modified: 2010-04-11
we have HR files stored on a desktop and server.  The files also get backed up to an external hdd as part of the server backup.

what is the best way to protect these files so that if one of the computers was stolen, the information is not readable/accessible?
Question by:zephyr_hex
    LVL 32

    Accepted Solution

    The only way to insure this is to encrypt the files.

    You can take a look at:

    though there are also many third-party encryption products, some with advantages over Microsoft.

    Whichever route you choose, it is important to have a recovery plan. This forum has regular postings from people with encrypted files who can no longer access their own files due to lost passwords, system corruption etc. Also, test the recovery plan before anything bad happens.
    LVL 51

    Assisted Solution

    > what is the best way to protect these files ..
    don't store
    the second best is encryption as metioned by r-k, but I'd use encryption per file 'cause you then can move the encrypted file from one system to another without loosing information. Try GPG (or PGP if you prefer comercial ones).
    LVL 5

    Assisted Solution

    A second for ahoffman's point - file by file encryption will make it easier for you to ensure all files remain encrypted at all times - e.g. when copied across the network, and when backed up etc.

    Points to remember though - ensure when the files are viewed / edited temp files are not left once the file is saved back to its encrypted state - e.g. word recover files etc.

    Also remember that the encryption system will only be as good as the authentication method - e.g. if you use keys ensure these are not stored locally on the machine otherwise someone taking the machine may end up with all they need to access the encrypted data. Perhaps consider 2-factor authentication such as using RSA tokens, or have users keys stored on encrypted USB keys that are never left in the machine when not in use.  If you use a system that relies on username / password ensure that the passwords are suitable complex, changed regularly and ideally that the system supports functionality such as locking users out and password aging (to enforce password changes)



    LVL 13

    Assisted Solution

    use microsoft EFS.

    its free and can be implemented easily.

    Just right click on the folder and goto properties.
    Click Advanced button on general tab.
    Check Encrypt content to secure data.
    When asked, apply on this folder and all child file and folder.

    Now you need to export the EFS certificate and then import the same to every user who needs to access those file.
    To export the cert.
    File->add/remove snapins->add->certificates->add button->my user account.
    Now expand the certificates-personal certificates

    now in right hand window you should see a certificate.
    Right click on it, all tasks, export
    make sure to export private key as well.

    Now all you need to do is to import it on other computers, from where you need to access it.
    to import follow the same procedure for exporting, just choose import instead of export.

    LVL 23

    Assisted Solution

    by:Tim Holman
    Look at specific HDD encryption, like  Also some good guidelines on
    LVL 1

    Assisted Solution

    Install safeboot

    One of the best products I have come accross for this kind of thing

    Featured Post

    Maximize Your Threat Intelligence Reporting

    Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

    Join & Write a Comment

    How to sign a powershell script so you can prevent tampering, and only allow users to run authorised Powershell scripts
    If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    This video discusses moving either the default database or any database to a new volume.

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now