How to Encrypt and Urgently Wipe your Data Securely

Take control of your data...

It is vital for activists in the Gulf to retain full control of their private information to prevent unwarranted third party access. Privileged information can be taken advantage of by government security services, hackers or other third parties with malicious intentions. By not retaining full and secure control over private data and information in the correct manner, activists and human rights defenders could be putting themselves and their contacts under risk of harm. This security advice notice highlights some simple steps that can be taken to secure data to prevent malicious third party access.

To begin securing your private information, you should first identify the type data you control, the extent to which you are comfortable with that data being in the public space and the amount of data you would like to keep private. Some information may need to be divided according to your own needs and the importance of that information. The responsibility of classifying this information falls on you, or the person that currently holds the information one your behalf, in order to conduct risk assessments associated with the data.

Encryption

As a general rule, any data held on electronic devices connected to the internet or other computer networks is vulnerable to unauthorised access. This vulnerability increases when insufficient attention is given to the importance of securing information to protect confidentiality and privacy. As such, it is strongly recommended that electronic devices such as mobile phones and computers are securely encrypted to ensure that the authority and means to de-crypt information on those devices remains with the owner. This makes it difficult for unauthorised third parties to access devices and the privileged information they hold. If your device is lost, stolen or confiscated by security services, encryption can be the key to preventing the relevant third party from accessing the device without the decryption keys.

Main ways to encrypt:

a) Complete memory encryption. This would ensure that your device memory remains wholly encrypted preventing access to its contents without its decryption keys.

b) Part memory encryption. This encrypts parts of your device memory which secures some of your information and files.

We will be covering complete memory encryption.

Devices running Mac OS, IOS or Android can be encrypted using their stock settings features and we recommend that you use them to secure your information.

How to Encrypt your Apple IOS Devices

1) Go to Settings.

2) Click on Touch ID & Passcode.

3) Click on Turn Passcode On.

4) After enabling your passcode, return to the previous page and scroll to the bottom.

5) You should now see “Data Protection is Enabled” which means your device is now encrypted and tied to your passcode.

How to Encrypt your Mac Devices

1) Click the Apple logo on the top left corner of your desktop.

2) In the dropdown menu, click on System Preferences.

3) In the menu, click on Security & Privacy.

4) On the top menu, click on FileVault.

5) In the bottom left corner, click on “Click the lock to make changes.”

6) Enter an administrative name and password to make changes.

7) Then click “Turn On FileVault”.

8) You will then be asked to enter a password that will act as your decryption key. Make sure to use a strong and hard to guess password and to save it in a secure location. Do not lose your password as you won't be able to access your encrypted files without it.

How to Encrypt your Android Devices

Note: Plug in your device charger to ensure your device does not turn off during the encryption process.

1) Go to Settings.

2) Click on Security.

3) Click on Encrypt Phone.

4) You will then be asked to enter a password that will act as your decryption key. Make sure to use a strong and hard to guess password and to save it in a secure location. Do not lose your password as you won't be able to access your encrypted files without it.

Your device will begin encrypting its contents.

How to Encrypt your Windows 10 Device.

Unlike Mac devices, Windows does not integrate encryption tools. Bitlocker on Windows 10 devices can be used to encrypt your files.

1) Make sure you are logged into your Windows account.

2) Click on the Windows search button on the dock and search for “Bitlocker”.

3) Click on Manage Bitlocker.

4) In the Bitlocker Drive Encryption screen, click on Turn on Bitlocker starting with your C Drive.

If this option is unavailable, it is likely your device does not support disk encryption.

How to Securely Wipe Your Data and Information.

Although it is important to ensure that your data and information remains secure and encrypted, it is equally as important to ensure that you are able to erase your data appropriately. This is important in situations when you plan to sell or otherwise dispense of your device to ensure that no information remains to be accessible by third parties.

When you try to delete any files from a device in the regular way -- by selecting the file and pressing the delete button -- it is still very easy for it to be recovered. Regular deletion doesn’t remove the actual data from your hard disk, but just removes the filename that identifies the data. So if you really need to prevent others from accessing your personal information, we need to take other measures.

Physically destroy the device

The most reliable and quickest way to destroy data from your device is to physically destroy the device (phone, laptop, tablet, external hard drive, USB flash drive, SD card). Just smash it with a hammer, making sure to get to break the inner parts as best you can. You can also throw it in a fire, but be sure to remove the battery first as that can cause an explosion -- and only burn it in an open ventilated space as the burning plastic will create a bad smell.

It might not always be feasible for you to destroy a device, in which case you can consider the options below after having weighed the risks and costs.

Factory reset (for mobile devices)

If your mobile device has “full disk encryption” (FDE) enabled (iOS, Android) already, then doing a factory reset will make all of the previous data on your device inaccessible. Just remember that any data that was on your phone before you enabled full disk encryption may still be recoverable. If your phone did not have FDE enabled when you obtained it, then doing a factory reset will not prevent someone from recovering the data if they get it soon enough. Deleting data on your mobile device reliably is difficult, so if you face an imminent threat it would be best to go with the previous option of physically destroying the device.

IOS Devices

Source: Apple Support, https://support.apple.com/en-gb/HT201274

1) Click on Settings.

2) Click on General.

3) Scroll to the bottom and click on Reset.

4) Click on Erase All Content and Settings.

This will wipe all of the data and settings stored on your device. You should also make sure to remove the device from your iCloud account.

Android

1) Switch off your device using the power button.

2) After your device has switched off, hold the power button and volume down button simultaneously to go to Android System Recovery.

**(Note that this may differ between different Android devices).

3) Click on Wipe Data/Factory Reset.

Follow the steps shown on your device to erase your data.

Windows 10 Devices

1) Go to Settings.

2) Click on Update & Security.

3) Click on Recovery.

4) Click Reset this PC.

5) Click Remove Everything.

Mac Devices

1) Shutdown your Mac.

2) Switch on your device while holding the Command and R keyboard buttons to bring up the OS Utilities screen.

3) Click on Disk Utility.

4) Your device hard drives will show the left of the Disk Utility screen.

5) Click on the hard drive you would like to erase and then click Erase.

Third Party Secure Wipe (for laptops, desktops)

It is relatively easier to securely remove data from a laptop or desktop computer. There are several programs that will help you do this, we would recommend BleachBit. After installing, do the following:

1) From the “File” menu, select “shred files” or “shred folders” and choose any data that your want to delete.

2) Clean out your browser, system history, cache, temporary files, etc, by selecting the desired checkboxes in the left column and then push the ‘clean’ button.

3) From the “File” menu, click on “Wipe free space”. This will erase any data still on your hard disk that you may have previously deleted using the usual method. Note that this can take a long time (upto several hours, depending on the size of your hard disk), however this is essential if you believe you are facing an imminent risk.

Other programs that will perform these functions are Eraser and CCleaner. Remember that there is no going back once you wipe/shred any files, so be careful what you select.

If you want to remove ALL of the data on your hard disk and do a total fresh restart, then download and install DBAN. Again, this will clear every single file, leaving you with an empty computer, so use with caution.

Data in the Cloud

A great deal of our data also resides in the cloud -- eg in our online email (Gmail, Hotmail, etc), social media accounts (Facebook, Twitter etc), and online filehosting services (Dropbox, Google Drive, etc).

Because this information resides on servers that are not in our direct control, we can not use the options described above, however there are some steps that we can take:

1) Delete sensitive information information.

This means deleting emails (and empyting out the trash can), deleting photos and files, clearing private conversations etc. Remember that removing this data will make it inaccessible to you, but does not guarantee that it has become inaccessible for the company that runs the service (eg Google, Facebook, Twitter), and it is likely that they will keep it in their private record for at least a few months.

2) Secure your account.

Make sure you have strong and secure passwords for all of your online accounts and have enabled 2-step verification (Google, Facebook, Twitter). This will prevent outsiders from accessing the data in your online accounts.

3) Delete your account.

As a last resort, such as when deleting individual files and conversations would take far too long, you can consider deleting/deactivating your online account. Again, this will not remove the data from the server but will make it much more difficult for third parties to access it easily. Deleting your account may arouse suspicion, so weigh the risks before making a decision. Data with friends and contacts

It is likely that you have shared personal information with friends and contacts at some point. If they are not careful about how they store their data then it could be a major vulnerability for you also. Try to get in touch and ask them to follow the steps above securely remove any information that may put you at risk.