Encryption for files, folders and Network shares to protect data from hackers

I am trying to protect company proprietary data and employee personal information data that is stored on our file server.  It is physically locked up and safe so I am not worried about it being physically stolen.  
I want to protect the data as it moves through the network to HR or Accounting and also mostly from hackers that would attempt to steal our data.

> Not just physically stolen, but data extraction through hacker attacks and bots.
short answer: impossible (if you mean all data on your system)
long answer: you can only get close this requirement if you ensure that all your data is properly encrypted and only decrypted if necessary right before used

If all these attacks (bots, whatever) are an issue for you, is "stealing" data using screenshots an issue too? If so, my short answer becomes even shorter: impossible.

If you use https and secure ftp protocols, your network traffic should be sufficiently encrypted.

If you need to send larger packages of data, you can use 7-zip to strongly encrypt the data.

how does SSL/TLS protect from/against bots, trojans, screenshots?
just wondering ...

@ahoffman

Was your comment directed to me?

If so, I was addressing the parts of the question related to protection of data during transport.

I need to keep thieves out...not your average thief but state sponsored attacks...like from China...I won't say anymore.

What am I running?  Windows 2008R2 and Windows 7 along with a few remaining XP boxes.

SQL Server, Exchange Server, Deltek, Cobra, SharePoint...etc..

Seems they like using Phishing attacks to get in...

So you all think encryption is not the answer, but to lock down the house somehow?

We have a firewall
We have AV
The firewall is our ids at the moment
Number 4 and number 6 (ids) are problems because I simply cannot get upper management to spend money on IT.  They prefer to blame me, makes it easier than buying servers and appliances.
For years I have asked for money for an IDS/IPS and servers and licenses for "front ends" for our Exchange and Sharepoint to no avail.  They won't even spend he money to upgrade from the 32 bit XP machines we have to 64 bit Windows 7.

I am stuck...I get the blame...they question my competence and yet they won't purchase anything or hire any help.  I currently do everything...I can't monitor logs all day and do everything else.

plus, it's probably these same nuts that are in charge that are clicking on the phishing links.

> .. cannot get upper management to spend money on IT ...
no money for protection, that's thiefs heaven ;-)

so it sounds that you first need step 2. and 9. for your management, that's what all experts here explain again and again

however, what's the problem being blaimed if you still get paid for doing all with nothing?
*SCNR*

This is as good a place to stop as any...I think the answer is clear that encryption is not a magic bullet.  Looks like some serious attempts to "educate" uninterested employees on security is the answer.

Thanks to everyone for the answers and the discussion.  Moral of this story...security isn't free and if your management isn't serious about it and won't back you...do your best or go somewhere else.

yippie, another person who learned the (digital) security lesson ;-)
Good luck.

While there are plenty of free tools out there, it takes time and thus money to learn to use them. Windows and Linux have so many unused or under-used security settings that most people never know are there. But there must be discipline in the process or it all falls apart. There is no set it and forget it solutions.
-rich

I am setting up an ubuntu snort box right now, but I have to learn how to use it and who is going to monitor logs while I am busy handling stupid help desk calls?

Might try the Security Onion download, might help you get a handle on things as it makes using IDS and such easier to setup: http://securityonion.blogspot.com/
GL!
-rich