Recommendation for encryption of mobile devices and devices exposed to particular threats

If important work data or (personal) data relevant to data protection are stored, care must be taken to ensure that they cannot fall into the wrong hands. It is therefore recommended that encryption be used at least on all mobile devices (notebooks, tablets, etc.) used for official purposes, if possible already at the level of the operating system.

For the Windows operating system, the (version-dependent) integrated encryption Bitlocker can be considered suitable. Under Linux, the use of DM-Crypt (cryptography module of the device mapper in the Linux kernel), possibly with the LUKS extension, can also be considered suitable.

For the Apple operating system MacOS, too, the option of encrypting user data integrated in the operating system appears to be a suitable method of countering the most frequent threats (FileVault).

The recommendation for Windows encryption is VeraCrypt

A master key must be stored for encrypted devices/hard disks, especially if no other rules exist for the regular central storage of work data and results.

Smartphones and tablets must also be operated in encrypted form. Integrated methods exist for the widely used operating systems Android, IOS and Windows Phone.

In view of ongoing discussions about the role and involvement of secret services of various countries, no general statement can be made about the security of the tools mentioned and others.
It seems to continue to provide sufficient security at least for the goal of protection by theft in normal theft offences.

Further information at: