Image: Getty Images/iStockphoto

You can–and should–protect your Windows computer with a strong and secure login password or other means of authentication. Perhaps there are specific folders and files on your PC for which you want an extra layer of security. Windows gives you a couple of options:

  1. You can simply hide a folder or file in File Explorer so that it’s not visible. The downside here is that someone can easily see the file by simply choosing to view all hidden files.
  2. Or, more effectively, you can encrypt the file. Encrypting adds a certificate to the file so that only you can access it. You can then back up the encryption key and add a password to further protect the file.

SEE: Windows 10 security: A guide for business leaders (TechRepublic Premium)

First, open File Explorer on your Windows computer. Select a folder or file (or files) that you want to hide. Right-click on your selection and select Properties from the menu. From the Properties dialog box, click the checkbox for Hidden. Then click OK (Figure A).

Figure A

If you’re still able to see the folder or files, that likely means the option to view hidden files is turned on. Click on the View tab and uncheck the box for Hidden Files. The files should then vanish (Figure B).

Figure B

Hiding folders and files is a simple process but one with a couple of obvious drawbacks. First, if you want to work with those files, you have to either unhide them or re-enable the option to view Hidden Files, which defeats the whole purpose of hiding them. Second, if someone does gain access to your computer, that person could easily turn on the option for Hidden Files, which acts like a red flag for any potentially secret or sensitive files.

A more secure option is to encrypt any folder or files you wish to safeguard. Windows offers a built-in encryption tool called Encrypted File Service (EFS). EFS is available in Windows 10 Pro, Windows 10 Enterprise, Windows 8/8.1 Pro, Windows 8/8.1 Enterprise, Windows 7 Professional, Windows 7 Ultimate, and Windows 7 Enterprise. If you encrypt a file with EFS, only you can access the file through your Windows account. Other accounts, even those with administrative privileges on the machine, will be unable to access it.

To set up the encryption, insert a USB stick into your computer, which you’ll use to back up the encryption key. Select and right-click the specific folder or files. Select Properties from the menu. At the Properties box, click on the Advanced button and then check the box to Encrypt Contents To Secure Data. Click OK (Figure C). Back at the Properties window, click OK or Apply.

Figure C

If you’re trying to encrypt a file or files, a message appears asking if you want to encrypt the file and its parent folder or only the file. If the file is encrypted but not its folder, and you modify that file, an unencrypted version of the file could be stored temporarily as you edit it. Plus, any new files you create in the folder would not be encrypted. Choose your preferred option and then click OK (Figure D).

Figure D

If you’re trying to encrypt a folder, a message asks if you want to apply changes to this folder only or to this folder, subfolder, and files. In this case, you’ll likely want to choose the latter option, which is selected by default. Click OK (Figure E).

Figure E

A message should then appear prompting you to back up your encryption key. Make sure a USB stick or other removable media is inserted into your computer. Choose the first option to Back Up Now. The Certificate Export Wizard pops up with a welcome screen. Click Next. At the next screen for file format, keep the default selections. Click Next. At the Security screen, enter and then re-enter a password to protect the encryption key. At the File To Export screen, type the name of the file you wish to store on the USB drive. Click Next. At the final screen, click Finish. A message will pop up telling you that the export was successful. Click OK (Figure F).

Figure F

As long as you’re signed into Windows with your own account, you’ll be able to access and work with the folders or files you encrypted. If another person signs in or tries to access the files without your account or the encryption key, that person will receive a message indicating that the document may be read-only or encrypted.

To decrypt the folder or files, simply reverse the process. Sign in with your account, right-click on the folder or files, select Properties. At the Properties box, click the Advanced button. Uncheck the box to Encrypt Contents To Secure Data. Click OK. At the Properties box, click OK or Apply. Choose the option to apply changes to the folder or the folder, subfolders, and files, or the file and its parent folder. Click OK. The folder or file is then decrypted (Figure G).

Figure G

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays