The ability to save digital files both safely and securely on a personal computing device or upon a cloud storage service is fast becoming an important task for anyone using a computer or smartphone in the modern world.
Not only does the storing of data in the most secure way possible help protect the data itself form potential theft or cyber security issues, but also helps protect the personal privacy of the data owner as well. This protection is due to the fact that said data could always contain sensitive personal information (including financial and location data) which ideally shouldn’t ideally be shared with anyone else at all.
In this guide I will be highlighting and explaining some of the many security risks which are often associated with storing data both on locally attached storage devices as well as upon the cloud. I will then be highlighting how data can be stored more securely and show how several simple concepts and solutions can be brough together to help mitigate many issues which might otherwise come from unsecured data, vamos.
- Secure & easy to use
- Full disk encryption
- AES, Serpent, & TwoFish
- Free & open-source
How is Digital Data Potentially Insecure?
When using a typical personal computer (or MacOS device), any digital documents saved or stored upon the device will be kept in an unencrypted state by default. This means, for example, should your device ever become physically lost or stolen in any capacity, any data stored upon it might also fall into the wrong hands as well.
Even if your device is password protected (for example, via a Windows account login) it will still most likely be possible for any data to be extracted from the device without knowledge of this password in such circumstances. This is thanks both to the data being stored upon the disk in an unencrypted state, by default, plus the ability for someone with some advanced IT knowledge to directly access the physical disk and copy its contents to another device (upon which it can then be read).
Top 5 data encryption software:
Below is a quick look at the top 5 data encryption software tools mentioned in this guide, scroll down further for the full and detailed list of data encryption software titles.
| Provider | Solution | Pricing | Website | |
|---|---|---|---|---|
| 1 |
 |
VeraCrypt | Free & open-source | |
| 2 |
 |
Cryptomator | Free & open-source | |
| 3 |
 |
ZIP Pro 4 | From $40 | |
| 4 |
 |
7-Zip | Free & open-source | |
| 5 |
 |
Steganos Data Safe | From $39.99 |
Moving on past this issue of anyone having physical access to a device potentially also having access to the data stored upon it and we see another data security issue arise, in this case relating to storage of data upon the cloud.
Cloud storage, whilst undoubtedly very useful and becoming ever more popular, might also leave any data stored upon it in an unsecure state. Some cloud storage services (such as those mentioned in my recent article on encrypted cloud storage services) do go to great lengths to ensure maximum security and privacy is applied to any data saved upon the cloud. Some cloud providers, on the other hand, do not focus on security so much, in many cases opting to make their service more user friendly and great value for money instead.
NB – A cloud storage provider not focusing on data security as their main selling point will still most likely be very secure overall in my own experience. Some cloud providers do, however, offer much higher levels of security (including zero-knowledge encryption) than others!
By storing data on an unencrypted cloud storage service, you are, at a minimum, potentially allowing any unscrupulous employees to see what is being stored. Worse still, should you store data on an unencrypted cloud and the provider ever become the victim of a cyber-attack, then any unencrypted data could potentially fall into the wrong hands, even if the cloud provider themselves do take precautions to try and prevent such issues (e.g., antivirus software might be used, however it is rarely 100% effective against all possible threats).
NB – Some cloud storage providers do encrypt data stored upon their own servers by themselves. This approach could still be subject to security issues given that the company and certain employees will still have the ability to decrypt the otherwise unencrypted data.
Finally, in this section, another area which could leave you data vulnerable to unauthorised access and theft is via the use of (unencrypted) external hard drives and USB flash drives. Whilst both of these highly portable devices are now very convenient and cheap to purchase, most are almost certainly unencrypted (although some are provided with encryption software) meaning if ever such a device is lost in a public place, then it could be recovered by a bad actor and the data it contains could be stolen!
How to Securely Store Data
So far, we have discussed some of the main ways in which data is often stored and explained some of the key issues which potentially leave it vulnerable to data theft plus or privacy issues which might also arise from data falling into the wrong hands. In this section I will be focusing on several key concepts and methods for storing data in a much safer way and helping to prevent such data security issues form happening in the first place.
Utilising Zero-Knowledge Encryption
I have already briefly mentioned encryption in this article, but the application of zero-knowledge encryption to all data which is being stored on a potentially vulnerable medium (such as cloud storage or even a personal computer) is without doubt one of the most effective means of keeping it safe and private.
Encryption of data basically means the scrambling of the file contents so as they can only be decrypted (or de-scrambled) by the original owner holding the encryption key required to perform such a task. This means even if a device holding sensitive data is ever lost, stolen or compromised in some other way, the chances are that any data stored upon it will remain safe given that it will be unreadable to anyone without the decryption key.
NB – Whilst there might be methods for cracking some types of encryption, these methods usually require very specialist knowledge to operate and expensive / powerful computers to boot. Furthermore, the use of strong AES 256-bit encryption, as is fast becoming the industry standard for many cloud storage providers, is generally considered to be very secure overall and virtually impossible to break when used properly!
Whilst encryption, in general, is a very powerful method for protecting any stored data upon a device or service such as a cloud drive, the concept of zero-knowledge encryption takes things a step further by making the encryption concept even more secure in the process.
Zero-knowledge encryption basically refers to the encryption of data taking place on a secure local device before it is then sent to be stored upon a storage medium, be this locally on one of the device’s own hard drives, an external hard drive or NAS device or even on the cloud. Performing such zero-knowledge encryption means that data is always encrypted whilst it is being stored and it will only be decrypted again when it is retrieved form such storage on the same or another authorised device (meaning any stored data is at no point stored in plain text or a readable form apart form on the authorised device itself).
NB – Whilst, for example, some cloud providers will store data in an encrypted state on their own servers, this encryption will be applied by the provider themselves on their own hardware meaning they also retain access to the decryption keys. Whilst this will rarely be an issue, it will always be less secure then zero-knowledge encryption given that the storage provider (in the case of cloud storage) will never have any access to the encryption key nor, in-turn, the data!
Turn on Device-Level Encryption
In addition to applying strong zero-knowledge encryption to any data which is stored upon a potentially vulnerable medium (such as cloud storage or on a USB flash drive), we can also apply encryption to an entire device itself in certain circumstances.
In the case of certain modern versions of the Windows operating system, users can enable and configure the Microsoft BitLocker service to automatically encrypt an entire disk (or even multiple disks) which make up a Windows PC system. This means that everything within the protected system including any user data, device settings and the operating system itself will remain strongly encrypted using either 128-bit or 256-bit AES encryption.
When in-use upon a system, BitLocker can also be extended to protecting removable drives such as external hard drives as well as providing additional (more advanced) support for verifying the integrity of the Windows boot process to ensure it has not been tampered with at any stage (for additional malware protection).
NB – Whilst BitLocker does not feature any formal support for encrypting 3rd party cloud storage, it is possible to still leverage such protection by creating a virtual hard drive (VHD) within Windows, mounting the VHD and applying BitLocker protection and then storing the virtual drive upon a 3rd party cloud service later on.
MacOS users can also encrypt their entire device via use of the built-in FileVault service which is included on (but not activated by default) all modern Mac devices. Once enabled, FileVault will encrypt the entire Mac device and its disks which includes the operating system, device settings plus any user data amongst other items.
Physically Secure any Storage Media
So far in this section we have seen how the application of strong zero-knowledge encryption provides one of the best methods for securely storing data, especially so when it is automatically applied via the use of a service such as Microsoft BitLocker which ensures everything remains encrypted at all times.
Whilst it is in no way a direct alternative for strong encryption, the physical security of any devices or storage media being used for storing sensitive or important data should also be considered as well. This means, in reality, being sure that devices storing data are not easily accessible (or “on show”) and, wherever possible, kept in locked rooms or, in the case of backup devices or storage media, kept in locked safes when not in use.
Secure Data Storage FAQs
Whilst the exact answer to this question might differ depending upon individual circumstances, one of the safest places to store digital files would be on a non-internet connected device kept in a secured location which is also making use of strong AES 256-bit encryption for any data stored upon it.
One of the safest ways to store files online is to make use of zero-knowledge encrypted cloud storage. By automatically applying strong zero-knowledge encryption to all data stored upon their service by default, some cloud providers offer cloud storage which leaves any data stored upon the service very safe and secure (even if the providers systems are ever compromised in any way).
There are multiple highly rated and free-to-use encryption tools available as of today. Some popular and free-to-use choices include VeraCrypt, Cryptomator, 7-Zip and NordLocker amongst many others.
One of the easiest ways to work with encrypted files would be to make use of specialist third party encryption software which can mount encrypted containers as virtual drives within the operating system being used. By mounting any encrypted containers as virtual drives, new files can easily be dragged-and-dropped into the container or dragged out again with encryption or decryption happening automatically in the background.
Yes, there are numerous third-party applications which provide secure file encryption services both for individual files as well as entire volumes and disks. Some popular options to try include VeraCrypt, Cryptomator and 7-Zip which are all open-source and free to use tools featuring strong AES-256-bit encryption technology.
Tools for Applying Data Encryption
As we have already discussed so far, applying strong encryption is, without any doubt, one of the safest and most reliable methods for protecting any stored data. This, therefore, naturally begs the question of how best to apply such encryption and what software tools might be available to do so.
In this section I will be looking at several highly rated and commonly used utilities which can be used to encrypt data (or even encrypt entire devices) whilst also assessing the situations in which they might be useful. These are listed below and for each entry I have listed the key points for the software as well as a brief description on what it does and how it might be useful for protecting data.
IMPORTANT, PLEASE READ – When applying strong encryption to any data you MUST be sure to remember any passwords or encryption keys which have been set! If such passwords or encryption keys are lost or forgotten then it will become virtually impossible to recover any secured data!
1) VeraCrypt
VeraCrypt is a very powerful and versatile disk encryption utility, one which is open-source, free to use and is very capable of securely encrypting data via various different methods of work.
Some of the various different encryption methods available within VeraCrypt include the encryption of entire physical disks (including external disk devices and USB flash drives), encryption of logical disk volumes, support for encrypted virtual volumes plus the ability to create hidden volumes which can be stored within an already encrypted disk. Other security related functions include automatic dismount of encrypted volumes on power loss to a device, use of randomized salts plus application support for Windows, MacOS and Linux devices.
On a slightly more technical level, VeraCrypt provides support for encryption via the (very secure) AES standard with AES 128-bit, AES 256-bit and AES 512-bit keys all supported by default. Other encryption methods including Serpent (512-bit) and Twofish (256bit) are also supported within the application.
VeraCrypt is 100% free to use and open-source software, more information on the software itself and how to download and install it can be found via the official VeraCrypt website.
- Secure & easy to use
- Full disk encryption
- AES, Serpent, & TwoFish
- Virtual drive support
- Free & open-source
2) Cryptomator
Cryptomator is a 100% free to use and open-source encryption tool which makes the creation of both cloud-based and locally stored encrypted vaults quick and easy.
One of the biggest features of Cryptomator is just how easy it makes working with zero-knowledge encryption on systems and cloud storage services which might otherwise not be encrypted. For example, many popular cloud storage services (including Dropbox and Google Drive) don’t offer zero-knowledge encryption by default, Cryptomator therefore adds this additional secure layer meaning cloud users can always be confident their data is stored safely.
On a slightly more technical level, Cryptomator works by utilising industry standard (and very secure) AES 256-bit encryption and encrypted folders (or vaults) which can be created locally or on the cloud and store the encrypted data. Accessing encrypted data form a vault is as simple as entering the password / encryption key into Cryptomator and then allowing the software to mount the secure vault as a virtual drive on the operating system currently in-use.
Cryptomator is free to use and available for Windows, MacOS and Linux operating systems alongside smartphone apps for both iOS and Android. More information on the Cryptomator tool and how to download can be found via the official Cryptomator website.
- Easy to use software
- Cloud encryption support
- Windows, MacOS & Linux
- iOS & Android apps
- Free & open-source
3) Ashampoo ZIP Pro 4
ZIP Pro 4 is the latest version of the popular Windows archiving suite form software experts, Ashampoo. This is a powerful tool which, amongst many other useful file archiving features, also includes a dedicated file encryption tool providing many options for securely encrypting data.
Whilst the file archiving side of this application does provide scope for also encrypting data as it is added to an archive file (such as a ZIPX container), it is the dedicated encryption suite also included within the app which helps secure its place on this list. As can be seen in the image above, this encryption tool makes easy the configuration of encrypted containers and provides options for multiple encryption methods including the highly secure AES 256-bit variant amongst others.
Furthermore, also included within ZIP Pro 4 is a highly useful cloud management tool (the Ashampoo Cloud Browser) which makes easy the adding and downloading of files from one of multiple popular cloud storage providers (including Google Drive and Dropbox). This means not only is ZIP Pro 4 useful for easily applying strong AES 256-bit encryption to data, but also makes adding independently encrypted containers to the cloud much more straightforward than it otherwise might be.
ZIP Pro 4 is priced at one-off cost of $40 for a single perpetual licence with existing users able to upgrade to this latest version for just $10. More information on the ZIP Pro 4 software and its encryption abilities can be found via my own Ashampoo ZIP Pro 4 review or the official Ashampoo website Where a full 30-day free trial is also available.
- Full archiving suite
- 256-bit AES encryption
- Great cloud support
- Powerful archiving tools
- Pricing from $40 / PC
- Upgrade from just $10
4) 7-Zip
7-Zip is a free and open-source file archiving tool which is highly regarded thanks to its high degree of functionality and the number of included archiving features and formats which are supported.
Far beyond creating simple ZIP files, 7-Zip supports many file archive formats including its own 7z format alongside others including ZIP, RAR, CAB, and GZIP. Other features found within the tool include support for customising encryption and compression levels of archives (including specifying AES 256-bit and ZipCrypto encryption), creating self-extracting archives, encrypting individual files plus specialist tools for attempting to repair any damaged archives.
Other useful functionality within 7-Zip includes being able to split larger archives into multiple smaller files (e.g., 4.7GB sections for storing onto DVDs), specifying the compression levels and methods to be used, specifying word and dictionary sizes as well as fine-tuning performance by being able to specify the number of CPU threads the application can use.
7-Zip is 100% free to use and open-source software. More information on how to download and make full use of it can be found via the official 7-Zip website.
- Free & open-source
- Easy to use
- AES 256-bit encryption
- Self-extracting archives
- Archive splitting
5) Steganos Data Safe
Data Safe is a powerful data encryption tool from security software experts, Steganos. It is a tool which, above everything else, makes easy the process of securing files both locally and on cloud storage via the use of easy-to-use data safes (encrypted vaults).
Steganos have clearly developed a very sophisticated encryption tool in Data Safe, not only does it offer highly secure 384-bit AES-XEX encryption technology for maximum data protection, but also incorporates many other security features including multifactor authentication (2FA) for data vaults, secure file shredding abilities plus emergency access facilities for those who might require them.
Using Data Safe is also simple and straight forwards and the tool itself allows for the secured vaults to be stored locally, on network storage or on the cloud and then opened up as virtual drives within Windows (with all modern versions of Windows up to 11 currently supported).
Data Safe is priced form just $39.99 for a multi-device licence, more information on Data Safe plus some of the other security focused products on offer from Steganos can be found via their official website.
- Easy to use tool
- Secure 384-bit AES-XEX
- Good cloud support
- multifactor authentication
- Pricing from $39.99
6) WinZip (WinZip 27)
WinZip 27 is the latest version of the popular Windows file archiving tool, a tool which, amongst many other file archiving and management functions, provides support for applying strong encryption to any data stored within such archives.
As well as full support for both 128-bit and 256-bit AES encryption across all editions of the tool, WinZip also features many other security related functions which are built-into the software by default. Additional security features include support for hardware-based encryption (for faster encryption when supported), the ability to securely wipe any temporarily extracted (encrypted) files plus the ability to automatically update and replace an encrypted zip file upon any modifications being made.
Other notable features of WinZip include built-in file sharing and PDF management tools, file backup and job automation functionality, good support for many popular archive formats and compression methods (including ZIP, ZIPX, RAR and 7z amongst others) plus Direct Access technology to make working with cloud or network stored ZIP files faster and more reliable than before.
WinZip 27 is priced form just $34.95, more information on the software itself plus the full range of data encryption features can be found via the official WinZip website.
- Powerful archiving suite
- AES 256-bit encryption
- Self-extracting archives
- inc. ZIP, ZIPX, RAR & 7ZIP
- Pricing from $34.95 / PC
NB – As well as the use of dedicated encryption tools as are mentioned above, there are certain cloud storage providers which also automatically apply zero-knowledge encryption to all files stored upon their service by default. Be sure to check out my guide to the best zero-knowledge cloud storage services for more information on such providers and possible alternatives for easily encrypting data for those who might not want to make use of specialist software.
Most Secure Way to Store Files Summary
As this guide hopefully shows, the application of strong zero-knowledge encryption is without any doubt one of the most effective methods for securing digital files, regardless of where they might be physically stored!
Such encryption is especially important when storing data on unencrypted storage mediums (including external hard drives and unencrypted cloud storage services) and will effectively protect against both data theft and loss of physical devices which might otherwise be vulnerable if they fall into the wrong hands. Secure encryption will also add further protection to any devices which are otherwise considered somewhat secure due to said devices already being stored in safe and secure locations or being disconnected form the internet and so on.
