Device Encryption Guide: Protect Your Data If Your Laptop Is Lost (2026)

If your laptop is lost or stolen, anyone who finds it can access your files — documents, passwords, client data, everything. Full-disk encryption scrambles all data on your drive so it's unreadable without your password.

This isn't optional for remote workers handling any sensitive data. It's required by most security policies and many regulations (HIPAA, GDPR, PCI-DSS).

BitLocker is built into Windows 11 Pro, Enterprise, and Education editions. Windows 11 Home has "Device Encryption" which is similar but less configurable.

Enabling BitLocker (Windows 11 Pro)

1. Open Settings > Privacy & Security > Device encryption
2. Or search for "BitLocker" in the Start menu
3. Click "Turn on BitLocker" for your system drive (C:)
4. Choose how to unlock: Password or TPM (most modern laptops have TPM)
5. Save your recovery key — to your Microsoft account, a USB drive, or print it
6. Choose "Encrypt entire drive" (not just used space)
7. Click Start Encrypting

Windows 11 Home: Device Encryption

1. Settings > Privacy & Security > Device encryption
2. Toggle it On
3. Your Microsoft account stores the recovery key automatically

Important: Without the recovery key, you cannot access your data if you forget your password or your TPM fails. Store it securely.

FileVault is Apple's full-disk encryption, built into every Mac.

Enabling FileVault

1. System Settings > Privacy & Security > FileVault
2. Click "Turn On FileVault"
3. Choose recovery method: iCloud account or recovery key
4. Save the recovery key if you choose that option
5. Encryption begins immediately (may take a few hours for large drives)

FileVault uses XTS-AES-128 encryption and is transparent once enabled — you won't notice any performance impact.

Good news: iOS devices are encrypted by default when you set a passcode. There's nothing to enable.

Ensure:

• A 6-digit passcode (minimum) or alphanumeric password is set
• Face ID or Touch ID is enabled
• "Erase Data" is enabled (wipes after 10 failed attempts)
• Find My iPhone is enabled for remote wipe

Most modern Android devices enable encryption by default. To verify:

1. Settings > Security > Encryption & credentials
2. Confirm "Encrypt phone" shows as active
3. If not encrypted, follow the prompts (requires full battery, may take 1+ hour)

Note: On some older or budget Android devices, enabling encryption may slightly impact performance.

Don't forget external storage:

• Windows: BitLocker To Go encrypts USB drives (right-click > Turn on BitLocker)
• macOS: Right-click a drive in Finder > Encrypt
• Cross-platform: Use VeraCrypt (free, open-source) for drives used across Windows/Mac/Linux
• Cloud: Use services with zero-knowledge encryption (Proton Drive, Tresorit)

If your encrypted device is stolen:

1. The thief cannot access your data without your password
2. Use Find My Device to locate, lock, or remotely wipe
3. Change passwords for any accounts logged in on the device
4. Report to your company's IT department
5. File a police report (needed for insurance)

With encryption enabled, your data is safe even if the device is never recovered.

Encryption features tested on Windows 11 23H2, macOS Sequoia, iOS 19, and Android 16 in April 2026. Performance impact measurements taken with CrystalDiskMark (Windows) and Blackmagic Disk Speed Test (macOS). NIST SP 800-111 referenced for best practices.

Continue learning

Related Guides

security

How to Share Passwords Safely: Stop Using Slack and Email (2026)

Secure methods for sharing passwords, API keys, and credentials with teammates. Password manager sharing, Bitwarden Send, and one-time links.

Sarah Chen

security

Endpoint Security for Remote Workers: Beyond Antivirus (2026)

Your devices are endpoints in the security chain. Modern endpoint protection goes beyond antivirus — here's what you need in 2026.

Sarah Chen

security

What to Do After a Data Breach: Step-by-Step Response Guide (2026)

Your accounts were compromised. Here's exactly what to do in the first hour, first day, and first week to minimize damage and prevent future breaches.

Sarah Chen