BitLocker Drive Encryption is a Microsoft data protection feature that integrates with your Windows 10 operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. Simply put, should your desktop or laptop fall into the wrong hands for whatever reason, you will have some peace of mind when you’ve enabled this security feature. Below is a practical accounting of what you need to know.
Premium encryption for your organization’s computers? Traditionally you would have to buy an encryption tool for such a thing, but when you have Windows 10 Pro, Enterprise, or the Education edition you gain FREE access to BitLocker Drive Encryption, no license needed.
It should be noted that BitLocker provides the most protection when used with a Trusted Platform Module (TPM) version 1.2 or later, which is a manufacturer-installed hardware component found in many newer computers. Microsoft has provided a detailed guide on how to turn on BitLocker, whether encryption is or is not currently available on your devices, here. Alternatively, as a part of our Managed Services, SIRKit monitors your company’s Windows PCs to ensure BitLocker drive encryption is enabled and in use.
BitLocker offers tangible security for tangible risk. Comprehensive protection from offline attacks is a concept that users get right away. Some business owners don’t quite connect to the seemingly convoluted nature of cyber crime and malware protection software, but when it comes to this security tool, buy-in for this free (with Windows 10) feature is seamless.
The concept is simple. At some point in time someone on staff left a company laptop on a cafe table or exposed in the office overnight. Or worse, it may have been stolen. The subsequent worry is excruciating as you run through the scenarios of what can happen should the computer fall into the nefarious clutches of a criminal or mischievous person. Alternatively, you may find yourself stressed on business trips, worried about the laptop back at the hotel while you attend sales meetings or trade shows. BitLocker Drive Encryption exists to ease all of these concerns because it prevents access to the physical computer, ensuring that data and hardware have not been tampered with while the system was offline. In addition, if someone is able to remove the drive and attempts to read it on another computer, they won’t be able to when BitLocker has been enabled.
Proper adoption of multi-factor authentication (MFA) tops our list of cyber security measures in 2019. BitLocker accounts for this too, by offering the option to lock the normal startup process until the user supplies a PIN or inserts a removable device with a startup key, such as a USB flash drive. This security measure provides you with the assurance that company computers will not start or resume from hibernation until presented with a PIN or startup key.
You may be concerned about tight computer security should you need to remove access from a former staff member who quit or has been terminated without enough notice to perform the proper exit procedure. Have you ever had an employee promptly leave the company, and been left without access to his/her computer? It’s a familiar story. However, there is a Remote Server Administration Tool known as BitLocker Recovery Password Viewer, which enables the domain administrator and delegated parties to locate and view BitLocker Drive Encryption recovery passwords that have been backed up to Active Directory Domain Services (AD DS). So, even if a staff member departs with little to no notice, you can recover the password immediately, change it, and block their access.
The BitLocker Recovery Password Viewer can assist in disaster recovery should you need to quickly change access. Within the BitLocker Drive Encryption Tools there is also a command-line feature known as repair-bde, which assists in disaster recovery scenarios in which a BitLocker protected drive cannot be unlocked normally or by using the recovery console. When a device has been encrypted with BitLocker, the repair tool assists administrators in reconstructing and recovering data from a corrupted or damaged disk volume. For instructions on how to use this feature, including system requirements and installation instructions, click here.
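The points covered above (a ready TPM, a PIN or startup key required at startup, and a recovery password that can be backed up to AD DS) can be checked on a PC with the built-in BitLocker PowerShell cmdlets. The read-only audit below is an added example, not code from SIRKit or Microsoft; the function name `Get-BitLockerPosture` and the wording of its findings are assumptions made for illustration.

```powershell
# Added example: read-only BitLocker posture audit for the local machine.
# Run from an elevated PowerShell session. Nothing is changed on the system.

# Key protector types that require a PIN and/or startup key before Windows starts.
$preBootTypes = 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'

function Get-BitLockerPosture {   # hypothetical helper name
    # Any error from Get-Tpm is treated as "no usable TPM".
    $tpm = try { Get-Tpm -ErrorAction Stop } catch { $null }
    $tpmReady = [bool]($tpm -and $tpm.TpmPresent -and $tpm.TpmReady)

    foreach ($vol in Get-BitLockerVolume) {
        # Names of the protectors configured on this volume, as strings.
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        $findings = @()

        if ($vol.ProtectionStatus -ne 'On') {
            $findings += 'protection is off or suspended'
        }
        if ($vol.VolumeStatus -ne 'FullyEncrypted') {
            $findings += "volume status is $($vol.VolumeStatus)"
        }
        if ($types -notcontains 'RecoveryPassword') {
            $findings += 'no recovery password protector (nothing to back up to AD DS)'
        }
        # TPM and pre-boot authentication only apply to the operating system drive.
        if ($vol.VolumeType -eq 'OperatingSystem') {
            if (-not $tpmReady) {
                $findings += 'TPM missing or not ready'
            }
            if (-not ($types | Where-Object { $_ -in $preBootTypes })) {
                $findings += 'no PIN or startup key required at startup'
            }
        }

        [pscustomobject]@{
            MountPoint   = $vol.MountPoint
            VolumeType   = $vol.VolumeType
            EncryptedPct = $vol.EncryptionPercentage
            Protectors   = $types -join ', '
            Compliant    = ($findings.Count -eq 0)
            Findings     = $findings -join '; '
        }
    }
}

Get-BitLockerPosture | Format-Table -AutoSize -Wrap
```

A recovery password protector found this way still has to be escrowed to AD DS (for example with `Backup-BitLockerKeyProtector`) before the BitLocker Recovery Password Viewer can show it; the script cannot confirm that from the local machine.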
Contact SIRKit today to find out how we help you leverage this Microsoft security tool (and more) as a part of our Managed Services.