Why Encryption Matters for Your Data Backups (And How to Do It Easily)

Credit: Jessica Brothers/Lucas Oliveira de Gouveia/MakeUseOf

Published Apr 2, 2025

Jayric is a Forensic Science graduate with over five years of writing experience and a passion for reverse engineering and hardware.

His tech journey kicked off in childhood with an old hand-me-down Nokia N91, where he repackaged Java games like a Symbian port of Pokémon Blue to tweak TMs and Poké Dollars. By high school, he was flashing custom Android ROMs and trading modded games for lunch money, and in college, he learned C/C++ and electronics on a TI Tiva C LaunchPad, then went on to create DIY projects ranging from USB security keys to home automation devices.

Jayric now enjoys writing at MUO to keep sharing and learning about tech while honing his own craft. Outside of tech, he enjoys grinding CS2 and Dragon Nest, lifting weights, running daily 5Ks, and reading in his greenhouse.

This article is part of a directory: World Backup Week 2025: Protect Your Treasured Data With MakeUseOf

Backing up data is essential, but encrypting your files prevents unauthorized access. Encryption converts your files into unreadable data, ensuring that even if your backup is compromised, your sensitive information stays secure.

MUO World Backup Week 2025 Banner

Why Backing Up Your Data Isn't Enough

A backup gives you a copy of your files in case of hardware failure or accidental deletion. However, if that backup remains unencrypted, it becomes an open invitation for hackers and unauthorized users. Unprotected backups can expose sensitive data such as personal photos, financial records, or work documents to anyone who gains access.

By encrypting your data into a secure file, only those with the correct password or decryption key can unlock the contents of your backup. Furthermore, encryption isn’t only about shielding data from other people. It also helps maintain privacy against unauthorized third-party access, including potential vulnerabilities in cloud storage services.

The bottom line is that while backups protect against data loss, encryption ensures that the backup itself does not become a security liability. So, start using encryption now and ensure you have more control over your privacy and security.

How to Encrypt Local Backups Easily

Implementing encryption might sound daunting, but the process is often pretty straightforward. Here are a few easy ways you can start encrypting your backups right now.

For Windows Users: BitLocker

Screenshot by Jayric Maning --no attributions required

Windows BitLocker is a great way to encrypt hard drives for local backups. Here’s how you can encrypt your data:

Connect your external hard drive to your computer
Open the Control Panel, navigate to System and Security, and click on BitLocker Drive Encryption.
Choose your external drive and select Turn on BitLocker.
Give it a password when prompted.
You can store the recovery as a text file or save it with your Microsoft Account. I don’t recommend printing your recovery key.
You will then be prompted to select an encryption mode. New encryption mode uses stronger encryption algorithms but can only be opened with Windows 10 or newer. Compatibility mode uses an older encryption algorithm but can work on older Windows systems.
Click Start encrypting.

After the encryption, you’ll notice that your external drive is marked with a lock symbol and can no longer be opened. Use your BitLocker password to open the drive. You can also use the recovery key if you forget your password.

This method will also work with other external storage drives like USB flash drives and SD cards.

For macOS Users: Disk Utility

Screenshot by Jayric Maning --no attributions required

Disk Utility is a native macOS feature used to encrypt hard drives. It's also easy to use and supports external hard drives, USB flash storage, and SD cards.

Connect your external hard drive to your computer. Make sure the drive is empty since we’ll need to format everything to add encryption to the drive. Only after encryption should you put your backup files in the drive.
Go to the Utilities folder and launch Disk Utility.
Reveal your external drives by clicking on View from the top left of the menu and selecting Show All Devices.
Select the drive you want to encrypt. Make sure that you’ve highlighted the root of the drive and not the folder under the drive.
Click on Erase.
You’ll be prompted to set up your drive. Give it a name, then select GUID Partition Map under Scheme to reveal the encryption options. Then select APFS (Case-sensitive, Encrypted) under Format.
Give it a password, then click on Choose. This will format your drive with encryption.

Remember, you’ll need to format the encryption on your drive before storing your backups on the device. Also, you won’t be given a chance to recover your passwords. So, use the password hint option and save them on your Apple Keychain if you have one.

For Ubuntu and Similar Distributions: LUKS

Screenshot by Jayric Maning --no attributions required

LUKS (Linux Unified Key Setup) is a popular utility tool for encrypting files on Linux. Here's how to encrypt your drives using the terminal:

Ubuntu has LUKS natively installed. In case you don’t have it on your system, you can install the app by opening the terminal and using:
```
sudo apt install cryptsetup
```
Identify your drive with:
```
lsblk
```
This will reveal all the recognized drives connected to your computer. Remember the location of your drive.
You'll need to first unmount the drive to format it. You can unmount your drive by using: sudo umount /dev/sdd1 Change /dev/sdd1 from the command to your specific drive location.
Format the drive for encryption.
```
sudo cryptsetup luksFormat /dev/sdb1 
```
Again, you need to change /dev/sdd1 to your target drive location.
Type YES in all caps when prompted, then give it a password.
To open the encrypted drive, use the following command:
```
sudo cryptsetup luksOpen /dev/sdd1 my drive
```
You can change my drive to any name you want.

LUKS offers an effective and transparent way to protect your Linux data. There is a GUI for LUKS known as luckyLUKS, but using the terminal is faster and more convenient.

How to Encrypt Files for Cloud Backups

Cloud storage provides convenience but also introduces risks if data is not pre-encrypted. Encrypting files before uploading them safeguards your data even in the event of a breach.

Easiest Option: Zipping Files with Encryption

NAR by Jayric M

Using compressed archives with password protection is a quick method to secure files:

Choose the files you want to back up.
Use tools such as WinRAR (Windows), Keka (macOS), or 7-Zip (Linux) to create an encrypted archive. Simply choose the option to compress/zip/archive a file with a password.
Enable AES-256 encryption during the compression process if available.
Store the encrypted archive in your cloud backup.

When using this method, it's important to set strong passwords to protect against brute force attacks. Though encryption keys using AES-256 are hard to crack, having a four-letter password won’t take much time to break. Try using long passwords with different character combinations. Alternatively, you can use tools to help you generate strong passwords that are hard to crack.

Advanced Option: PGP

Screenshot by Jayric Maning --no attributions required

For those who require advanced security measures, PGP (Pretty Good Privacy) encryption provides a robust solution. It can help secure drives and files and even encrypt individual emails. There are different ways you can use PGP. One of the most popular ways is by using a GUI known as Kleopatra.

Download Kleopatra Gpg4win on your device.
Launch Kleopatra and create a New Key Pair. Give it a name and your email address, and tick the Protect the generated key with a passphrase option.
To encrypt your files, click on Sign/Encrypt at the top left of the menu. Select your file, then click on Sign/Encrypt at the bottom of the menu.
You’ll then be prompted to give it a passphrase.

To open the PGP-encrypted file, right-click it, then open it with Kleopatra. Give the passphrase, then select where to store the unencrypted file. Though this requires a bit more setup, PGP provides better security as decryption keys are much more secure than plain text passwords.

What to Do After Encrypting Your Backups

While encrypting your backups makes your data safe from other people, it is still important to maintain the integrity and usability of your backups. Here are a few guidelines for you to follow:

Secure Your Encryption Keys: Store your passwords and encryption keys in a trusted password manager that supports multifactor authentication. Avoid writing your passwords/private keys on paper or unsecured digital files such as Sticky Notes if possible.
Regularly Check Your Local Drives: It is possible for data to be erased after a hard drive hasn’t been powered for several years. Regularly powering and checking your drives ensures that they maintain enough charge to continue storing your data.
Keep Software Updated: Regularly update your encryption software and backup tools. Manufacturers frequently release patches and security enhancements to address possible problems.
Document Your Process: Maintain clear documentation of your encryption methods and backup procedures. Perform periodic restoration tests to confirm that your encryption and decryption processes work flawlessly. Since backups aren't meant to be opened often, it may be hard to remember where you placed your password or how to use the decryption tools to unlock your files.

By following these encryption practices, your backups will remain secure, and your sensitive data will stay private. Whether you use BitLocker, Disk Utility, LUKS, or cloud encryption methods, you can be confident that your files are well-protected.