I am trying to harden my defenses against the possibility of someone stealing my computer and then extracting data from it that will lead to identity theft. So I have come up with how I think I want to do it, but want to check the strategy by you more knowledgeable folks.
I have a Legion 5i Pro gaming laptop with:
- Windows 11 Home
- Local account with a password, but this might change to MS account if they continue to close the workarounds that users are finding.
- i7-12700H
- 16 GB DDR5 RAM
- CPU IRIS graphics running for normal apps
- RTX 3070 for higher demand apps such as gaming
- 1 TB Samsung NVMe SSD C: drive with Windows OS
- 2 TB Western Digital NVMe SSD D: drive for data
I think I have provided more system info than you need, but if you need more then I can certainly provide them.
I use the laptop for all of my computer needs:
- My company: books, invoicing, financial statements, government reporting, and corporate income taxes
- My personal finances: banking, investments, financial statements, and personal income taxes.
- Gaming
- KeePass password database with a very strong password
I currently have about 1.4 TB of data. Of that data, about 50 GB has information that would be high risk of identity theft. This includes Google drive and DropBox cloud storage which I use both for different purposes. I also have OneDrive but the bugs and issues make it unreliable and useless to me.
I share data between my laptop and my Samsung Note 9 cell phone via cloud storage (mostly via Google Drive). All sensitive data is stored in internal storage, and other data such as music, is on the SD card. Samsung phones will wipe clean after 10 failed login attempts, and I have an unguessable and complex password. So the data is quite safe on the phone.
I have two Western Digital external HDD for monthly back up of my 1.4 TB data. I back up the full 1.4 TB monthly to an external HDD which is stored in a safety deposit box at my bank, and I take old back up from a month ago and put it into a lock box, which I use for the next month back up.
So that is what it looks like now. My concern is that if someone breaks into my house and steals the very portable laptop, then the data is easily extracted by many methods. So I want to shut all the possible doors, and this is what I came up with, and want feedback and advice on ...
Step 1:
- In BIOS, make a BIOS admin password. Now a password is required for getting into BIOS
- In BIOS, make a user password. Now a password is required before it will boot.
I need the admin password to prevent someone going into BIOS and turning off the user password.
This prevents the many ways of defeating the password to start Windows, which I won't get into the numerous ways it can be done. I plan to use BitLocker, so it is important the would-be hacker can't get into Windows and with the click of a button, turn off BitLocker and un-encrypt it.
I will keep the need for a password when logging into my Windows Local Account.
Step 2:
- In Disk Management, shrink my C: drive to 800 GB
- In Disk Management, create a 200 GB E: drive for my sensitive data
Step 3:
- Put all sensitive data (company and personal books, etc) on the 200 GB E: drive
- Move all Windows personal folders (documents, downloads, etc) to the 200 GB E: drive
- Direct scanner to create files on the 200 GB E: drive
- Move OneDrive, GDrive and DropBox cloud storage folders to 200 GB E: drive
Step 4:
- Upgrade Windows 11 Home to Windows 11 Pro
- Use BitLocker to encrypt the 200 GB E: drive, no password
- Store the BitLocker recovery key in KeePass (KeePass database is on my laptop, cloud storage, on back up HDDs, and on my phone)
Question: If I use BitLocker to encrypt a drive containing cloud storage folders, does that mean the files are encrypted on the cloud, and therefore unusable by any other devices such as my phone?
Step 5 (maybe):
Question: Can I use BitLocker to encrypt the external HDD with password or would I need to use the recovery key each time I want to access the data? Again, the recovery key would be kept in KeePass.
So that is the plan. I think it is pretty robust. It can still be defeated by removing battery on laptop motherboard to reset BIOS which defeats the user password, but that is highly unlikely for someone to do on a laptop due to difficult access.
I think it is a good plan but mostly I am wondering about encrypting the cloud storage like that. And wondering how to make the encrypted external HDD back ups useable.
I have never used it, but BitLocker looks ideal for this but maybe there is another product? I have WD drives, so maybe their free software is a better choice?
I look forward to your feedback and advice.
EDIT:
Ouch, I just realized that this is a Windows 10 forum, and I am on Windows 11. Very sorry for my mistake. But I think the question is still valid because really, the same identical question can be asked if I was on Windows 10. So I will leave this question up and look forward to any advice or comments you might have.
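
Steps 4 and 5 as they could be scripted with the built-in BitLocker PowerShell cmdlets, as an added example that is not part of the original post. It assumes Windows 11 Pro, reads "no password" in Step 4 as automatic unlock, and uses F: as a hypothetical drive letter for the external backup HDD.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post.
# Assumptions: E: is the 200 GB data volume from Step 2,
# F: is a hypothetical drive letter for the external backup HDD.

$dataVolume   = 'E:'
$backupVolume = 'F:'   # hypothetical

# Automatic unlock of a fixed data drive keeps its unlock key on the OS
# volume, so Windows only allows it when the OS volume itself is protected
# by BitLocker. Check that before relying on "no password" for E:.
$os = Get-BitLockerVolume -MountPoint $env:SystemDrive
if ($os.ProtectionStatus -ne 'On') {
    throw "BitLocker is not protecting $($env:SystemDrive); auto-unlock for $dataVolume cannot be enabled."
}

# Step 4: encrypt E: with a recovery password as its protector, then let
# Windows unlock it automatically once the OS volume has been unlocked.
Enable-BitLocker -MountPoint $dataVolume -RecoveryPasswordProtector
Enable-BitLockerAutoUnlock -MountPoint $dataVolume

# Step 5: encrypt the external HDD with a password for day-to-day use,
# and add a recovery password as the fallback if the password is lost.
$backupPassword = Read-Host -AsSecureString -Prompt 'Password for the backup drive'
Enable-BitLocker -MountPoint $backupVolume -PasswordProtector -Password $backupPassword
Add-BitLockerKeyProtector -MountPoint $backupVolume -RecoveryPasswordProtector

# List the 48-digit recovery passwords so they can be copied into KeePass.
foreach ($volume in $dataVolume, $backupVolume) {
    (Get-BitLockerVolume -MountPoint $volume).KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
        Select-Object @{ Name = 'Volume'; Expression = { $volume } },
                      KeyProtectorId, RecoveryPassword
}

# Confirm encryption progress and protection state for both volumes.
Get-BitLockerVolume -MountPoint $dataVolume, $backupVolume |
    Select-Object MountPoint, VolumeStatus, EncryptionPercentage, ProtectionStatus
```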