Key Takeaways
- Device encryption is crucial for protecting personal data on Windows 11 devices in the case of loss of theft.
- Most new Windows 11 PCs come with Device Encryption enabled by default, but older machines need to have it manually enabled.
- Encrypting external drives with BitLocker or VeraCrypt safeguards sensitive data when on the go.
Laptops and tablets let you get work done in parks, cafés, and even on flights. The downside of this freedom is the increased risk of mobile devices being lost or stolen. This makes device encryption an absolute necessity, so here’s how to make sure it’s enabled on your Windows 11 PC.
Why You Should Encrypt Your Windows Devices
Think about the information that’s stored on your laptop or tablet: banking details, private conversations, personal photos, logged-in social media accounts. If someone with bad intentions gets hold of all of that, they can steal your money, try to blackmail you, or try to scam your friends by impersonating you online. The damage that can be done with access to your whole digital life is only limited by the creativity of whoever found or stole your computer.
Device encryption prevents this. In layman’s terms, it scrambles all the data on your device so that it cannot be read without a decryption key. That key can either be something you enter when your PC starts, or it can be encrypted on the device itself and tied to your user account. This means that no one but approved users of your PC can use it or access the data on it, even if they physically remove the hard drive.
This extra protection also has a secondary effect: The more widely data encryption and features like remote device locking are adopted, the less attractive mobile devices are to thieves.
How To Enable Device Encryption in Windows 11
Most Windows 11 PCs are now shipping with device encryption enabled by default, which is great for anyone purchasing a new machine.
However, if you have an older machine that shipped before this change, or built your own PC, you’ll need to enable encryption yourself.
To do so, log in to your Windows 11 device as an Administrator and then right-click on the Start button and click “Settings” (the gear icon). Then, open “Privacy & Security” from the left navigation menu and select “Device Encryption”. From there, you can toggle “Device Encryption” to enable it.
Note that while devices that ship with Windows 11 should support the Device Encryption feature, it may not be available if specific hardware requirements aren’t met, such as the presence of a TPM.
An alternative is to use BitLocker (available in the Pro versions of Windows 11 and Windows 10). This isn’t quite as user-friendly, but still secures your data, letting you decrypt it and access your PC by manually entering a password when it boots.
Encrypting Removable Drives With BitLocker and VeraCrypt
If you regularly take your removable drives (like external hard drives or USB sticks) with you when you leave your home or office, you should also encrypt those if there’s sensitive business or personal data on them.
BitLocker can also be used for this if you only use Windows devices with BitLocker support.
If you use your USB storage on MacOS or Linux Machines too, an alternative is to use VeraCrypt. Veracrypt is also free, which means you can use it on any version of Windows.
You Need to Back up Your Windows Devices for Full Protection
In the event one of your Windows 11 devices is lost or stolen, you also need a backup copy of your data stored on a separate device, stashed in a safe location so that it is not irretrievably lost. It’s also a good idea to keep a third backup in the cloud as extra insurance against disaster.
With Windows 11 Device Encryption and an effective backup plan in place, you can travel safely knowing that your data is protected, and if you lose your device, you can just restore your backup to a new device and keep working from where you left off (if a little poorer for the experience).