Encryption
There are products that do full disk encryption (FDE), some better than others. Disk encryption is a philosophy and a collection of best practices, not just a software program.
Building complex passwords will help secure data:
The password is the key. Weak passwords are easy to guess or susceptible to a brute force attack, so a reasonably complex password is in order. Complex passwords use upper- and lower-case letters, numbers, and special characters, with the number of characters ranging from 8 to 20.
Most FDE solutions limit the number of incorrect attempts they will allow. When choosing that number, set the lockout to a reasonable value, not 1 or 2. The password should be complex but easy enough to enter to avoid the fat finger effect. Keep the FDE password in a safe place. It probably should not be labeled "encryption password," and it should not be kept taped to the bottom of the keyboard or phone in the office.
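As an added example (not part of the original article), the Python sketch below checks a candidate password against the rules described above and estimates how large a brute force search would be. The function names and sample passwords are constructed for illustration; characters outside the four listed classes are not counted.

```python
import math
import string

MIN_LEN, MAX_LEN = 8, 20  # length range given in the text above

# The four character classes the text asks for.
CLASSES = {
    "lowercase letter": string.ascii_lowercase,
    "uppercase letter": string.ascii_uppercase,
    "number": string.digits,
    "special character": string.punctuation,
}


def check_password(pw):
    """Return the list of rules the password breaks (empty list = passes)."""
    problems = []
    if len(pw) < MIN_LEN:
        problems.append(f"shorter than {MIN_LEN} characters")
    if len(pw) > MAX_LEN:
        problems.append(f"longer than {MAX_LEN} characters")
    for name, alphabet in CLASSES.items():
        if not any(ch in alphabet for ch in pw):
            problems.append(f"no {name}")
    return problems


def search_space_bits(pw):
    """Upper bound on brute force work, in bits: length * log2(alphabet size).

    Only the classes actually present count toward the alphabet. This is an
    upper bound: a dictionary word scores the same as random characters.
    """
    alphabet = sum(len(a) for a in CLASSES.values() if any(c in a for c in pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for candidate in ("summer", "Summer2024", "Tr4il!Mix-Oats"):
        issues = check_password(candidate) or ["meets all rules"]
        bits = search_space_bits(candidate)
        print(f"{candidate!r}: {', '.join(issues)} (about {bits:.0f} bits)")
```

A password can pass every rule and still be guessable if it is built from common words or dates, so treat the bit count as a ceiling rather than a guarantee.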
Lock the computer instead of using sleep mode:
Data is not encrypted in sleep mode. Encryption programs encrypt the data at shutdown and decrypt upon boot.
I once had a customer out in Iowa that let the computers go to sleep and did not shut them down or at least lock them to require a password to log in. My customer's thought was “the building is secure.” The building may be secure, but what about the cleaning staff? They have unfettered access all night long with no one watching them most of the time.
There are backup programs that will back up the disk without installing any software on the computer and a re-boot is not required for this software to work. These types of programs use a USB stick and can image the entire disk in its unencrypted state. The image is loadable to a different computer and the Windows password will not save the day. The attacker will remove the password from the image with another set of software tools.
If this customer had locked the computer, the attacker would not have gotten access to the OS, and if they had tried to re-boot the computer, the encryption would have engaged.
Make sure there is a good working backup of the data:
Backup is powerful. When choosing a backup solution, choose one that will encrypt your backups with the AES encryption standard.
Full disk encryption will only protect your system after the computer is shut down:
If there is a breach from the Internet-facing side, FDE will not protect the computer files. So, while the system is up and working, the operating system is vulnerable. Use Windows Update and patch Windows often.
Remember, if you are going to the trouble to encrypt, somebody will go to the effort to steal it.