Stop Storing Files on Your Computer. Really!

Here is a way of thinking about your computer that most people have never considered: your device and your data are two entirely separate things, and treating them as if they belong together is one of the most common and costly mistakes in personal digital security.

Your laptop is hardware. It can be replaced. It can be insured. If it is lost, stolen, damaged in a fire, dropped down a flight of stairs, or simply stops working, you buy another one. The data on it is a different matter entirely. Documents accumulated over years. Financial records. Creative work. Photographs. Business files. Client information. None of that has a price tag. None of it can simply be repurchased.

The conventional approach — storing files on the computer itself, perhaps with a cloud backup — is so common that most people never question it. But consider what it actually means: your most important data lives on a device that is connected to the internet, subject to malware and ransomware, potentially accessible if the device is stolen, and entirely at risk if the hardware fails. The device and the data share the same fate. They do not have to.

There is a straightforward alternative that separates your device from your data completely: store nothing on the computer itself. Keep all your files on a hardware-encrypted removable SSD. Plug it in when you need it. Unplug it when you do not.

The result is a setup where losing your laptop — to theft, damage, or any other cause — is an inconvenience, not a catastrophe. You buy a replacement device, install your software, plug in your drive, and continue exactly where you left off. Not a single file is missing. Not a single document is lost. The device was replaceable. The data was never at risk because it was never on the device.

Hardware-encrypted SSDs from reputable manufacturers include a feature that most people are unaware of: the drive automatically locks the moment it is physically disconnected from the device.

This is not a software setting that can be bypassed. It is hardware-level behavior built into the drive’s encryption controller. The moment the USB connection is broken — whether you eject it properly, whether someone yanks it out of the port, or whether the power is simply cut — the drive locks instantly. The encryption engages. The data becomes inaccessible.

What this means in practice is striking. Imagine you are working in a coffee shop. Your encrypted drive is plugged into your laptop. Someone grabs it and runs. They now have a small piece of hardware. They cannot read a single file on it. They cannot access the data through any computer. They cannot crack the encryption — AES 256-bit hardware encryption, the same standard used to protect classified government data, is so robust that even the manufacturer cannot access the drive without the correct password. The thief has a very expensive paperweight.

Your only loss would be the data added since your most recent backup — which, if you follow a sensible backup routine, is minimal.

The hardware is only part of the system. The discipline around how you use it is equally important. Here is what a properly implemented approach looks like in practice:

Never leave the drive plugged in when you leave. Not for ten minutes. Not to run a quick errand. Not while the device is unattended in the next room. The moment you step away from your workspace, the drive comes out. This is not excessive caution — it is the single habit that makes everything else work. Anything can happen the moment you exit the door. An accident. An unexpected absence. A situation that keeps you away far longer than planned. If the drive is unplugged, none of that matters. If it is still plugged in, all of it does.

Back up to a second encrypted drive. A single drive, however secure, is a single point of failure. Hardware can fail. Drives can be lost. The correct approach is two encrypted drives — one you use daily, one that serves as a backup. The backup drive is stored separately, ideally in a different physical location. A fireproof safe, a trusted second location, a safety deposit box. Not next to the primary drive.

Back up regularly — and always before travelling. A backup from three months ago is not adequate protection for files created in the last three months. Regular backups are essential. The most important backup to perform is the one immediately before any travel. If your bag is lost, stolen, or delayed in transit, your most recent backup should already be safe at home or at your destination.

Keep the computer itself clean. If no files are stored on the device, losing the device costs you nothing beyond the hardware. Downloads should go to the encrypted drive directly. Documents should be created on and saved to the encrypted drive. The computer itself should function purely as a platform for running software — containing no data of value.

Not all encrypted drives are equal. The distinction that matters most is between hardware encryption and software encryption.

Hardware encryption. The encryption is performed by a dedicated processor built into the drive itself. The encryption keys never leave the drive’s controller. Even if the drive is connected to another computer, the data cannot be accessed without authentication. This is the gold standard — drives from Kingston IronKey, Apricorn, and similar specialist manufacturers use this approach.

Software encryption. The encryption is managed by software on the host computer rather than by the drive itself. This is less secure because the encryption keys pass through the computer’s memory and operating system — both of which can be compromised. It also requires the encryption software to be installed on every computer you use the drive with.

AES 256-bit encryption. This is the encryption standard you want. It is used by governments and militaries worldwide to protect classified information. A drive with AES 256-bit hardware encryption is, for all practical purposes, unbreakable without the correct password. No realistic attack can bypass it.

Brute force protection. Quality encrypted drives include protection against brute force attacks — attempts to guess the password by trying thousands of combinations automatically. After a set number of incorrect attempts, the drive either locks permanently or performs a cryptographic erase, destroying the data rather than allowing access. This is the feature that makes the theft scenario described above genuinely consequence-free for the attacker.

Your computer is a tool. It is replaceable. Your files represent years of work, irreplaceable memories, and the accumulated record of your digital life. They deserve to be treated as something more valuable than the device they happen to be sitting on — which means not leaving them sitting on the device at all.