Hard drive encryption

[Computer_Freak]

Hi All

I recently updated our work PC’s and looking to beef up the security of them as we have some sensitive data and live in a high crime country where break-ins and theft happens way too often.

I want to encrypt our hard drives but confused about something.

Let’s say the PC gets stolen and I have activated the encryption using bitlocker, can the hard drives be removed and put in another PC and data removed there (I’m assuming not as this is the point of encryption?).

The nvme SSD have hardware encryption. How do I activate this to reduce the system performance tax software encryption incurs?

Will I have to insert the key on every startup?

Apologies for the newbie questions, this will be the first time I’m attempting this.

I appreciate the assistance!

 

[Couriant]

Once BitLocker is enabled, then regardless of what computer the drive goes into, it will ask for the BitLocker key. The only way they can get data off from the drive is if they take the computer too.

Typically if the computer is joined to a domain network, then the recovery key is usually stored in Active Directory if everything is automated by your company's setup. If you were manually setting up the BitLocker, then it will give you the option to store on a usb, text file, or add to an Azure account. Considering your geographical location, I would not recommend the USB/Text file options.

You can also add further security by having a BitLocker PIN before booting to Windows,. (that may be an Enterprise option)