The standard file system used on Windows is NTFS. It allows you to use permissions to manage access control restrictions for data. For example, you can configure NTFS permissions to allow only particular users to access confidential documents. However, if there are users who have the necessary credentials to make permission amendments, they could simply alter those permission settings and gain access to the data.
Encrypting File System (EFS) provides an extra security layer in addition to authentication and NTFS access control permissions. EFS encrypts data through the use of an encryption key, ensuring that it can only be decrypted by a user who has access to the required encryption key.
What that means is: you need the password to access the file.
How to use EFS
Right click the folder of file you want to encrypt and select Properties from the drop down list.
The relevant folder/file properties dialog box opens. Click the Advanced button.
In the Advanced Attributes dialog box, tick the option Encrypt contents to secure data and click OK.
You are returned to the Properties dialog box. Click OK to continue. The Confirm Attributes Changes dialog box requests whether you want the encryption to apply to this folder only or apply to this folder, subfolders and files. Select your preferred option and click OK.
The encrypted folder will now appear Green (as shown below).
Before you encrypt anything, best to follow this Microsoft guide to backup your encryption certificate. Otherwise, in the event that your Windows installation becomes corrupted you may be unable to access these files. If you’re in Sydney, I can help you out with data recovery.
If you want to decrypt a file or folder, perform similar steps as above except untick the option Encrypt contents to secure data in the Advanced Attributes dialog box.