This series is for educational purposes only. To get back to top-level table click here.
Your final line of defence is the encryption on your physical device when data is at rest. This is extremely important to keep up to date on and not take lightly!
If you fail to stay up to date, the shit you setup 5 years ago is going to be trivial to break and all that work was for nothing.
There are two places you need to encrypt…
Any HDD, SSD you’re booting from should be encrypted during OS installation. These days every OS has a default method of doing this, and it should work well enough for you.
You’ll also want to encrypt any external media you’re storing sensitive data on.
The current most recommended tool is veracrypt
$ cd content && tree