MacMost Q&A Forum • View All Forum QuestionsAsk a Question

What Is the Best Way To Manage the Encryption Of Sensitive Data On a Laptop Where Performance Is Critical?

I’m now acting as the legal representative for a relative. I have files on my MacBook Pro (2018) that relate to their financial situation.

As a court appointee I’m charged with managing my relatives affairs, and by extension, I believe, protecting their interests with regard to the data I keep on my laptop.

The obvious thing to do is to turn on File Vault. However, I’m reluctant to do this for fear it would compromise performance.

I write music and need fast access to audio during playback and loading of samples.

Based on comments in earlier posts it would appear I also need to turn on Time Machine Encryption, but that’s not the only back up option I use. I also use Carbon Copy to clone my hard drives and Backblaze.

What impact would encryption have on cloud and clone back ups? Would it mean, for instance, that the contents of my hard drive would have to be saved again to my Backblaze account?

Does using File Vault mean that documents saved to Cloud Drive are also encrypted? Or is that a separate option that I have to turn on?

Would the best option be to purchase an additional laptop, and use that exclusively for anything related to my relative?

I’m also wondering if it’s possible to encrypt just a folder, or a small partition perhaps, rather than the whole disc?

If not available directly in MacOS is there a third party program that can do this?

The recent pandemic has also highlighted the need to record more information than I’ve done in the past with regard to my own affairs to ensure my loved ones can access my own accounts should I fall sick.

In a similar vein I’ve also been wondering about how to manage my digital accounts and on-line subscriptions in case the worst happens. It appears that using 1Password , or LastPass, would be the way to go for that though. Would you agree?
—–
Malcolm James

Comments: 13 Responses to “What Is the Best Way To Manage the Encryption Of Sensitive Data On a Laptop Where Performance Is Critical?”

    10 months ago

    First, two of the things you mention are already encrypted. Backblaze and iCloud Drive already encrypt the files. See https://www.backblaze.com/backup-encryption.html and https://support.apple.com/en-us/HT202303.

    As for encrypting your data on your Mac, FileVault is the right way to go. It shouldn’t really affect performance on a newer Mac like you have. It will take a while to encrypt once you turn it on, so do that at the end of the day or before a weekend if you go that route. You can also turn on Time Machine encryption too. That takes even longer, but it doesn’t bother you with it so you turn it on and a few days later it is done, with no real effort or delay on your part.

    You could just create an encrypted disk image and store all of these files on there. You do that in Disk Utility. https://macmost.com/two-ways-to-password-protect-files-on-your-mac.html Then when that disk image is backed up anywhere it is the same encrypted file so you are set. Maybe this is an easy option for you as long as the files involved are a small set of things.

    You could also get an external drive, encrypt it, and store those files on there. So you can even leave that drive at home and not have to worry about those files even being with you at all unless you need them. Maybe a simple USB Flash drive would work for this. But I would definitely get 2 (or 3) of them and make backups since these are important documents.

    As for your own passwords and such, using 1Password or the like is a good idea. But you can also just use the built-in Keychain on your Mac. If you store your login password, iCloud password and iPhone’s passcode in a safe place on paper for a trusted person to access, then they would be able to get access to your devices, iCloud account, and then in Keychain to your other passwords (in Safari or Keychain Access) and email accounts. You’d need both your Mac password and iPhone passcode to handle two-factor authentication.

    Jane
    2 months ago

    hi Gary, I am so impressed. Thanks. In creating a encrypted disc image (blank or folder) as read/write, “The document (NAME).pages is on a volume that is too small to support permanent version storage” warning comes up when closed. Increasing size didn’t help. Also warning that prev versions won’t be saved nor did Time machine back up previous versions either. I used single partition GUID. I tried sparse bundle since I read that only changes would be backed up by time machine. Suggestions Please

    2 months ago

    Jane: Does it say “too small?” I’ve seen that message before, but not with the “too small” part. It is simply saying that versioning for the file isn’t supported on that disk image. That’s when you make changes and then try to revert back to a previous version. Not sure what you are trying to accomplish here with this so it is hard for me to help. Why not just save the Pages document encrypted instead of messing around with a disk image?

    Jane
    2 months ago

    Gary, thanks for your reply. Yes it says exactly what I quoted. I was trying the disc image for estate purposes with very sensitive documents, but not greater than 100mb. Even when I selected 300mbs it still said the same thing. I guess I thought it would be more secure doing it this way, but have read that encrypted Pwd protected iWork docs are 256 bit. Is that true? If so maybe I’ll just keep it simple. :) PS> you are wonderful

    Jane
    2 months ago

    Gary, also, it’s so important to keep the document updated and I would like any other earlier versions to be saved in case I need to revert something back…perhaps this isn’t possible with an encrypted disc image? Thanks Jane

    2 months ago

    Jane: See my recent video on this. Just encrypt the Pages document. https://macmost.com/how-to-password-protect-documents-on-a-mac.html

    Jane
    2 months ago

    Is it the one on this same page or a newer one? I will have another look. Thanks again.

    2 months ago

    Jane: Sorry I forgot to include a link. I added it above.

    Jane
    2 months ago

    Hi Gary, thanks for the link. I did watch that excellent video before I found the one above on sensitive data. if I’m not mistaken, in the video you don’t mention the level of encryption used for the iWork documents. Is it 256 by any chance? I am unable to find a definitive answer on this. Thanks again. Jane

    2 months ago

    Jane: Not sure if it is 128 or 256. If you really need to make something ultra-secure with 256, then you may need to come up with a better solution, like a data vault app or password manager, not a word processing document.

    Jane
    2 months ago

    Hi Gary, Is there a way that the disc util encrypted disc image would allow me to update the pages document and not give me the “The document (NAME).pages is on a volume that is too small to support permanent version storage” warning comes up when closed. message…and is there a way to have time machine back up all protected versions I wonder?

    2 months ago

    Jane: You can try all of the different formats for a disk image, but I’m not sure which, if any, would allow you to do that. Time Machine really isn’t going to be very useful if you are putting your document in a disk image. I think you are overthinking it. Just use a Pages password-protected document. Unless you have an international spy agency after you, what are you worried about?

    Jane
    2 months ago

    haha you’ve got a good point. Thanks for your help. Take good care.

Leave a New Comment Related to "What Is the Best Way To Manage the Encryption Of Sensitive Data On a Laptop Where Performance Is Critical?"

:
:
:
0/500 (500 character limit -- please state your comment succinctly and do not try to get around this limit by posting two comments)