What file encryption is, and how to encrypt files on any device

What is file encryption?

File encryption is an encryption method of converting readable data (plaintext) into scrambled, unreadable content (ciphertext) using an algorithm and an encryption key. Only someone with the correct key can decrypt the file and access its original contents.

Modern encryption relies on well-tested cryptographic ciphers that transform data in a way that makes it unreadable without authorization. The strength of encryption depends on the algorithm, the length and randomness of the key, and how securely that key is stored.

File encryption is different from communication encryption (such as secure messaging) or database encryption. It applies specifically to data at rest, such as documents, images, videos, and backups, and stays in place wherever the file is stored or shared.

Why is file encryption important?

Whether you’re backing up personal files or handling sensitive business data, file encryption helps ensure that only authorized people can access your information. It protects files if a device is lost, storage is compromised, or data is shared unintentionally.

Protecting your personal data

You don’t need to be a celebrity or CEO to be a target of data theft. Personal data is valuable to hackers, scammers, and sometimes even people close to you. File encryption supports selective protection, meaning you can encrypt only the files that contain sensitive information instead of locking down everything on your device. 

Encryption helps you keep control because it:

• Prevents identity theft if your laptop or phone is lost or stolen.
• Secures sensitive files like tax returns, ID scans, or private messages.
• Keeps other people (from nosy roommates to hackers) out of your stuff.
• Adds an extra layer of security when sharing files online.

Meeting compliance and business requirements

If you’re handling customer, employee, or financial data, encryption is the law — regulations like the GDPR, HIPAA, and PCI DSS all require it. Using encryption provides multiple critical benefits for your business, including helping you avoid fines, lawsuits, and data breaches. It also ensures sensitive data stays protected during transfers or storage, as well as making your business more resilient to cyber threats.

Let’s take a look at a few different legal requirements:

• GDPR (General Data Protection Regulation). GDPR requires organizations to implement appropriate technical measures to protect personal data. Encryption is specifically mentioned as a safeguard that can reduce liability in the event of a breach. Encrypted files may also lower reporting obligations if stolen data is rendered unreadable.
• HIPAA (Health Insurance Portability and Accountability Act). HIPAA requires covered entities and their partners to protect electronic protected health information (ePHI). File encryption helps secure medical records, test results, and internal documents, both at rest and during internal transfers.
• PCI DSS (Payment Card Industry Data Security Standard). PCI DSS mandates encryption for stored cardholder data and limits access to sensitive payment information. Encrypting files that contain payment details reduces exposure and helps meet strict audit requirements.
• Industry-specific regulations. Many sectors have their own data protection rules, including finance, legal services, education, and government. These often require encryption, access controls, and auditability for sensitive files such as contracts, client records, or internal reports.

How does file encryption work?

File encryption may sound complex, but the process follows a clear, predictable sequence. It takes readable data and transforms it into unreadable code, then reverses the encryption process when access is authorized.

What happens behind the scenes:

1. 1.You select a file to encrypt.
2. 2.An encryption algorithm processes the file in blocks, applying mathematical transformations that convert the original data into ciphertext.
3. 3.An encryption key controls how those transformations work and is stored securely by you, the operating system, or the encryption software.
4. 4.When the file needs to be opened, the correct key triggers the reverse process, decrypting the ciphertext back into readable data.

The strength of file encryption depends on several factors, including the algorithm used, the length of the key, and the quality of randomness involved in key generation. Modern standards like AES encryption (e.g., AES-256) are considered extremely resistant to brute-force attacks with current computing capabilities.

Types of encryption algorithms used for files

Different encryption algorithms protect files in different ways. In practice, file encryption relies on three main approaches: symmetric encryption, asymmetric encryption, and hybrid encryption. Each plays a specific role depending on how files are stored, accessed, or shared.

How to generate and protect the encryption key

The strength of your file encryption depends heavily on the quality and security of your encryption key. It’s the digital key to a locked vault — if it’s weak, lost, or stolen, the encryption protecting your files becomes ineffective.

To generate and protect a strong encryption key:

• Use true randomness. Never rely on guessable passwords or reused credentials. Strong encryption keys should be generated using secure random number generators, often built into modern encryption software.
• Store keys securely. Encryption keys should be kept in protected environments such as password managers, encrypted key vaults, or hardware-based storage devices. Hardware security keys, like USB security tokens or hardware wallets, keep keys isolated from your operating system and malware.
• Avoid reusing keys. Using the same encryption key across multiple systems or files increases risk. If one key is compromised, everything protected by it is exposed.
• Rotate keys periodically. For long-term or business use, rotating encryption keys on a schedule limits the damage if a key is ever leaked.

Some tools also support end-to-end encryption, meaning encryption keys are generated and held only by the user — not the service provider. This approach ensures that even the software or cloud service used to store or sync files can’t access their contents. When choosing encryption software, key management options should be just as important as the encryption algorithm itself.

Which files should you encrypt?

You should secure files that you don’t want others to see, including:

• Personal files. Photos, private videos, ID scans, tax returns, medical info, saved login details.
• Business files. Contracts, client records, HR documents, financial reports, proprietary data.

Also, consider encrypting:

• Backups and anything stored in the cloud.
• Metadata (file names, sizes, timestamps), especially in sensitive environments.
• PDFs, voice notes, synced notes, and other "miscellaneous" files people often forget about.

When deciding whether to encrypt your files, just ask yourself, "How would I feel if a stranger stole and viewed this file?" If that’s something you wouldn’t want to happen, encryption is a good idea.

File vs. folder vs. full-disk encryption

Not sure whether to encrypt individual files or entire folders — or lock down a whole device? The right approach depends on what you’re protecting and how you access or share that data. File, folder, and full-disk encryption each serve different use cases and offer different levels of control and coverage.

Let’s see how each type differs from the others in the table below.

When to use each

Use file-level encryption when:

• You need to share specific encrypted documents.
• Only certain files contain sensitive data.
• You want maximum control over individual items.

Use folder-level encryption when:

• You have related files to encrypt together (e.g., project folders).
• You’re using cloud storage and want to encrypt specific folders.

Use full-disk encryption when:

• You’re encrypting a laptop or portable device.
• Everything on the device needs protection.
• You want set-it-and-forget-it security.

What is the best way to encrypt files?

No single “best” method exists. The right approach depends on what you’re encrypting, how often you need access, and whether you’re sharing files with others. Once your data is encrypted, the next step is sharing those files securely without exposing them in transit.

For personal use

The right encryption option for personal files depends on how you use and share them. Below you’ll find the most common approaches, from quick one-off protection to more secure long-term storage.

• Quick and simple encryption: Password-protected ZIP files offer free, widely supported encryption for occasional file sharing and basic protection (e.g., built-in ZIP tools on Windows/macOS, 7-Zip).
• Built-in operating system encryption: Native device encryption, such as FileVault, Windows EFS, and Android/iOS encryption, protects data stored on a device and works well for ongoing security, but isn’t ideal for sharing individual encrypted files.
• Higher security needs: Encrypted cloud storage solutions encrypt files before upload and keep them secure during storage and sharing, making them suitable for regular use and secure file sharing (e.g., NordLocker and similar services).

For business use

Business encryption needs vary based on team size, data sensitivity, and regulatory requirements. The examples below show how different types of businesses approach file encryption in practice.

• Small teams: Cloud encryption tools with team features enable secure collaboration, controlled access, and file protection for shared projects (e.g., NordLocker Business and other team-focused encrypted cloud platforms).
• Enterprise environments: Large organizations typically use managed file transfer solutions or volume-based encryption with centralized key management to support large-scale operations and internal data protection (e.g., enterprise-grade encryption platforms, VeraCrypt for drive and volume encryption).
• Compliance-driven use cases: Regulated industries require encryption solutions that meet legal and industry-specific standards and support auditing and oversight, making them suitable for handling sensitive data in healthcare, finance, e-commerce, and similar sectors.

Encryption software comparison

Different encryption software is designed for different needs, from simple file protection to secure storage and team collaboration. The table below compares common encryption options based on how they’re typically used, the platforms they support, and the level of control they offer.

When choosing encryption software, focus on ease of use, platform compatibility, whether cloud storage is needed, and how files will be shared. For most users, a cloud-based encryption service like NordLocker offers a practical balance between strong security and everyday convenience.

How to encrypt files on your device

Whether you’re securing one document or a full folder, the basic steps are the same:

1. 1.Choose your file(s) or folder(s). 
2. 2.Pick your encryption method or software.
3. 3.Use a strong, unique password or key.
4. 4.Store the key securely.
5. 5.Test decryption before deleting originals.

Below are quick guides for each major operating platform.

Linux file encryption

If you’re working from the Linux command line, GPG is a simple and reliable tool for encrypting individual files.

To encrypt a file, run: gpg -c filename
You’ll be prompted to create a passphrase, and GPG will generate a new encrypted file with a .gpg extension.

To decrypt the file later, run: gpg filename.gpg

For encrypting folders or setting up encrypted containers and volumes, tools like VeraCrypt or cryptsetup with LUKS are commonly used. LUKS (Linux Unified Key Setup) is the standard for disk and volume encryption on modern Linux systems. These tools support strong encryption standards such as AES-256 and integrate well with current Linux desktop environments.

Windows file encryption

If you’re using Windows Pro, Enterprise, or Education, you can encrypt files using the built-in Encrypting File System (EFS). This method is still supported in Windows 11 and works well for protecting individual files or folders without installing additional software.

To encrypt a file or folder with EFS:

1. 1.Right-click the file or folder you want to encrypt.
2. 2.Select “Properties” from the menu.
3. 3.Under the “General” tab, click “Advanced.”
4. 4.Check “Encrypt contents to secure data.”
5. 5.Click “OK,” then “Apply.”
6. 6.Choose whether to encrypt just the selected item or the folder and its contents.
7. 7.Confirm to finish.

Once encrypted, the file is tied to your Windows user account. Only someone signed in with your credentials can open it. It’s important to back up your encryption certificate when prompted — without it, you won’t be able to recover the files if you move them to another device or reinstall Windows.

Note: EFS is only available on Windows Pro, Enterprise, and Education editions. If you want to encrypt an entire drive instead of individual files, use BitLocker as an alternative. BitLocker provides full-disk encryption and is better suited for laptops and portable devices.

Mac file encryption

macOS includes built-in encryption options through FileVault and Disk Utility. FileVault is used for full-disk encryption, while Disk Utility allows you to encrypt individual files or folders.

Using FileVault for full-disk encryption

FileVault encrypts everything on your Mac’s startup disk and protects it behind your login password.

1. 1.Go to “System settings” > “Privacy & security” > “FileVault.”
2. 2.Click “Turn on FileVault.”
3. 3.Choose how you want to unlock your disk and set a recovery option.
4. 4.Allow the encryption process to complete (this may take several hours).

Encrypting individual files or folders with Disk Utility

If you only need to protect a specific folder, Disk Utility can create an encrypted disk image.

1. 1.Open “Disk utility” from “Applications” > “Utilities.”
2. 2.Go to “File” > “New image” > “Image from folder.”
3. 3.Select the folder you want to encrypt and click “Choose.”
4. 4.Select an encryption level (128-bit or 256-bit AES).
5. 5.Create and confirm a password for the encrypted image.
6. 6.Choose a location and save the disk image.

To access the encrypted folder later, double-click the disk image and enter the password. The encrypted image mounts like a regular folder while it’s open.

Android file encryption

Most newer Android devices have encryption enabled by default, especially those running Android 10 or later. Encryption is automatically applied once you set a screen lock, such as a PIN, pattern, or password. If you’re using an older device, you may need to enable it manually.

To check or enable encryption on older Android devices:

1. 1.Go to “Settings” > “Security.”
2. 2.Tap “Encrypt phone” or “Encrypt tablet” (the wording may vary by manufacturer).
3. 3.Follow the on-screen instructions and make sure your device is fully charged or plugged in.

Note: On modern Android phones, file-based encryption is enabled automatically when a screen lock is set, so there’s usually no separate encryption toggle to turn on.

iOS file encryption

All iPhones and iPads use built-in encryption by default as long as a passcode is set. The passcode is directly linked to the device’s encryption keys, which protect files stored on the device.

To check that encryption is enabled:

1. 1.Go to “Settings” > “Face ID & passcode” (or “Touch ID & passcode”).
2. 2.Set a strong passcode if you haven’t already.

Once a passcode is in place, file encryption is automatically active and protects sensitive data stored on the device.

How to send encrypted files securely

Once your files are encrypted, the next step is making sure they stay protected while being shared. Secure file sharing isn’t just about the encryption itself — it also depends on how you send the file and how you handle access credentials.

Follow these tips to send encrypted files securely:

• Use encrypted cloud sharing links. Cloud storage services with built-in file encryption, such as NordLocker, let you share files through protected links. Files remain encrypted before upload and after download, reducing the risk of exposure if the link is intercepted.
• Send encrypted email attachments carefully. If you attach an encrypted file to an email, make sure the file itself is password-protected before sending. Email encryption may protect the message in transit, but attachments can still be downloaded and stored elsewhere. Always encrypt the file first, then attach it.
• Share passwords separately. Never send the encryption password in the same email or message as the file. Use a different channel, such as a phone call, a separate messaging app, or a trusted password manager. This simple step significantly lowers the risk of unauthorized access.
• Use secure messaging apps when appropriate. End-to-end encrypted messaging apps can be useful for sharing small encrypted files or passwords, especially for short-term access. Even then, avoid sending both the file and its password in the same conversation.
• Generate strong, unique passwords. Weak or reused passwords undermine even strong encryption. Strong password generators help create and store secure passwords without relying on memory.

Real-world use cases of file encryption

File encryption shows its value in everyday situations as well as professional settings. It helps protect personal information, supports secure collaboration, and reduces risk when files move between devices or people.

• Protect personal memories. Family photos, videos, and journals deserve more than a basic cloud upload. Encrypting them keeps private moments private, even if an account is compromised.
• Secure financial and identity documents. Tax returns, pay stubs, ID scans, and insurance records can all be misused if exposed. Encryption prevents them from being read if they’re stolen or shared by mistake.
• Keep client files confidential. Contracts, invoices, proposals, and project drafts often contain sensitive details. Encrypting these files helps maintain client trust and professional confidentiality.
• Support remote and hybrid work. When files are sent between home devices, shared drives, and collaborators, encryption reduces the risk of leaks — especially when using public Wi-Fi or personal laptops.
• Protect internal business data. HR records, payroll files, internal reports, and strategy documents shouldn’t be accessible to everyone. File encryption limits access even inside an organization.
• Meet regulatory and audit requirements. Businesses handling personal, medical, or payment data can use file encryption to reduce exposure and demonstrate responsible sensitive data handling during audits or investigations.