Encrypting USB devices with VeraCrypt

Part of GDPR (General Data Protection Regulation – more here https://technologytamed.com/gdpr/) is assessing the way you store patient data. Many businesses use to removable USB drives which are then taken offsite. When assessing your GDPR risks you may decide that you would like to also encrypt portable drives you use that may contain personal data.

The following gives you step by step instructions on how to use one of the most popular encryption methods: VeraCrypt (which is derived from TrueCrypt).VeraCrypt will work on Windows, Mac, Linux and other operating systems.

Encrypting with VeraCrypt

The actual encrypting of the drive can take a long time, so allow plenty of time.

Install VeraCrypt

  1. Download VeraCrypt from https://www.veracrypt.fr/en/Downloads.html. Note that you can also download a PGP Signature to verify the download.
  2. Double click on the downloaded file and click I accept the license terms and click Next:
    Image of accepting the VeraCrypt licence
  3. Ensure Install is selected and click Next:
    Installing Vera Crypt
  4. Click Install:
    Setup Options VeraCrypt
  5. Click OK for both messages and then Finish.

Encrypting the USB device

  1. Connect your backup USB device. Note the drive letter that is assigned to this device (you may need to open File Explorer to check the drive letter):USB Drive LetterIMPORTANT NOTE: It is extremely important you chose the correct drive and device in the following instructions. If you do not there is the possibility that you could delete or encrypt data by mistake. If you do not feel confident doing this then we would recommend you get assistance from an IT professional or someone who is confident at identifying the correct USB device.These directions are given to you in good faith – the Technology Tamed team will accept no responsibility if you delete or encrypt data by mistake.
  2. Double-click on VeraCrypt:
    VeraCrypt logo
  3. Select Volumes, Create New Volume:
    Create New Volume in VeraCrypt
  4. Choose Encrypt a non-system partition/drive and click Next:
    Encrypt a Non system Partition Drive
  5. Select Standard VeraCrypt volume and click Next:
    Standard VeraCrypt Volume
  6. Click Select Device and select your device and click OK. Note it is very important to select the correct drive (you don’t want to encrypt or delete data on the incorrect drive – this is where knowing the drive letter can be helpful). Click Next:
    Checking drive letter
  7. Be very careful what you select in this window. Read the notes given on the window and then select whether to encrypt the volume and format it or Encrypt partition in place. IMPORTANT NOTE: if you encrypt the volume and format it ALL the existing data on the drive will be lost.
  8. Select the Encryption Algorithm you wish to use (the defaults of AES and SHA-512 are fine for most purposes) and click Next:
    Encryption Options
  9. You can use the Volume Size as a double check that you have selected the correct drive and then click Next:
    Volume Size
  10. Enter a password. We would recommend you enter a strong password of 10 characters or more, including upper case, lower, case, numbers and special characters.
    IMPORTANT NOTE: You will need to use this password if you wish to access the drive so ensure you type it in correctly and do not forget it!.
    Password
  11. Select whether you will be storing large files of more than 4GB and click Next:
    Large Files
  12. VeraCrypt includes a random pool. This is collected from you moving your mouse. So move your mouse as randomly as possible and don’t stop until the Randomness bar is fully green:
    Volume Format
  13. Click Format.
  14. If you have chosen the Format option you will be warned that all your data will be lost:
    Warning
  15. The USB device will be formatted. The green status bar gives you an indication of progress. Note that it takes a long time to encrypt, so be patient:
    Formatting
  16. The following two messages will be displayed when the encryption is complete:
    Warning 1
    Done
  17. Click Ok and then Exit.

 

Opening the USB device:

  1. Insert your USB device.
    Ignore any messages you get that the device needs to be formatted – this is because Windows no longer recognises the USB drive because it has been encrypted.
  2. Open VeraCrypt.
  3. Click Select Device:
    Select Device
  4. Select the Removable Disk drive that you want to open (similar to shown below). NOTE YOUR DRIVE LETTER MAY BE DIFFERENT TO THAT SHOWN:
    Select Drive G
  5. Click on Mount:
    Click Mount
  6. Enter your password and click OK:
    Enter Password
  7. You will see that the following message will be displayed:
    Please Wait
  8. The drive will be mounted. Note that it may not display the drive letter you expect and it may not display within File Explorer with the description you expect.
    Local Disk LNote that you will not be able to open the USB drive without VeraCrypt.

Rebecca Mansbridge
Technology Tamed Limited
March 2018