Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 436
  • Last Modified:

Protecting HR files

we have HR files stored on a desktop and server.  The files also get backed up to an external hdd as part of the server backup.

what is the best way to protect these files so that if one of the computers was stolen, the information is not readable/accessible?
zephyr_hex (Megan)
zephyr_hex (Megan)
6 Solutions
The only way to insure this is to encrypt the files.

You can take a look at:


though there are also many third-party encryption products, some with advantages over Microsoft.

Whichever route you choose, it is important to have a recovery plan. This forum has regular postings from people with encrypted files who can no longer access their own files due to lost passwords, system corruption etc. Also, test the recovery plan before anything bad happens.
> what is the best way to protect these files ..
don't store
the second best is encryption as metioned by r-k, but I'd use encryption per file 'cause you then can move the encrypted file from one system to another without loosing information. Try GPG (or PGP if you prefer comercial ones).
A second for ahoffman's point - file by file encryption will make it easier for you to ensure all files remain encrypted at all times - e.g. when copied across the network, and when backed up etc.

Points to remember though - ensure when the files are viewed / edited temp files are not left once the file is saved back to its encrypted state - e.g. word recover files etc.

Also remember that the encryption system will only be as good as the authentication method - e.g. if you use keys ensure these are not stored locally on the machine otherwise someone taking the machine may end up with all they need to access the encrypted data. Perhaps consider 2-factor authentication such as using RSA tokens, or have users keys stored on encrypted USB keys that are never left in the machine when not in use.  If you use a system that relies on username / password ensure that the passwords are suitable complex, changed regularly and ideally that the system supports functionality such as locking users out and password aging (to enforce password changes)



2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

use microsoft EFS.

its free and can be implemented easily.

Just right click on the folder and goto properties.
Click Advanced button on general tab.
Check Encrypt content to secure data.
When asked, apply on this folder and all child file and folder.

Now you need to export the EFS certificate and then import the same to every user who needs to access those file.
To export the cert.
File->add/remove snapins->add->certificates->add button->my user account.
Now expand the certificates-personal certificates

now in right hand window you should see a certificate.
Right click on it, all tasks, export
make sure to export private key as well.

Now all you need to do is to import it on other computers, from where you need to access it.
to import follow the same procedure for exporting, just choose import instead of export.

Tim HolmanCommented:
Look at specific HDD encryption, like www.pointsec.com.  Also some good guidelines on www.stolenlaptop.com.
Install safeboot

One of the best products I have come accross for this kind of thing

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now