Part 2 – Storage and Backup Encryption

Step 3: Now that participants have filled out the backup format template, ask them to review the types of information (and their respective importance or value) on their lists again – as they do so, have them consider what might happen if that information were to fall into the hands of an adversary, or if they were to lose that information entirely. What kind of impact would this have on them personally or on their organization?

Step 4: Now, introduce the concept of encryption to the group – explain that they likely encounter encryption quite often in their daily routines, as it is used in different ways across different tools and platforms. You can share, for instance, that HTTPS is itself a form of encryption for data “in transit” (data en route from point A to point B) whereas in this session, you will be discussing encryption for data “at rest” (data that is being stored in one location).

Step 5: Remind participants about how they were asked to download either Veracrypt or LUKS onto their computers. Give participants time to install and test out these tools, using external storage media (such as USB drives) and dummy files that they have prepared specifically for this session. Especially for beginner level participants, it is not advisable to do a full-disk encrypt of a computer hard drive just yet – you don’t want to run the risk of a participant accidentally losing access to any of their data during the training!