Digital Security and Privacy

What Should You Store Where?

For a basic guide on which type of data you may store on which kind of storage, please check the research data storage guide. It will cover the major options available at the Institute. Beyond the legal and ethical issues regarding research data, you may still be interested in encrypting drives or folders for personal reasons. This is what this part of the guide will be about.

A note about cloud storage
While it is extremely practical, cloud storage is generally not secure. You should not rely on it if security is your main concern. Neither Dropbox, Microsoft, Google, Apple nor any other provider can guarantee the security of your data.

Technically, the data is encrypted, but it can still be accessed by the host itself, and providers might be vulnerable to hacking and security issues, as shown by multiple events over the years. In addition, US companies can be forced to give law enforcement and other government agencies access to anything they store. This is a problem if you have any personal or sensitive data subject to Swiss or European law.

The rule of thumb here: do not store anything on the Cloud that you would not want anyone to ever see, use, or copy. You can however store data once it is encrypted or thoroughly anonymised.

Full Drive Encryption

Full drive encryption is a simple option if you consider your computer to be at risk of theft. With it enabled, nobody can access the contents of your computer's drive without your login information. If you do not use drive encryption, an interested party could access the contents of your computer by connecting its drive to another machine.

  • BitLocker is the official solution offered in Microsoft Windows (except Home edition) for full-volume encryption.
  • FileVault is the equivalent for Mac OSX.

Reasons why you would not use it
First, you should note that it somewhat slows down your machine. Additionally, it makes data retrieval harder in case of a drive failure and you should have a backup strategy in place.

The benefits outweigh the costs when you need additional security, but file- or folder-level encryption is generally sufficient for sensitive data.

File or Folder Encryption

On Windows 10 (except Home edition), you can encrypt files and folders by right-clicking on them, opening their Properties > Advanced, and checking the box "Encrypt contents to secure data". The files remain accessible while logged in with your Microsoft account, but someone else booting your hardware from a different account (or using a USB drive) can no longer open these files and folders. Windows will also allow you to back up your encryption key to an external drive for safekeeping.

On Mac OSX, go to Finder > Applications > Utilities, and open Disk Utility. In the File menu, choose New > "Disk Image from Folder", select the folder you want to encrypt, and click Image. Select an encryption method and save. Since I do not personally use Mac OSX, I would still advise you to look for tutorials before you attempt anything.

Advanced Encryption and Law Enforcement Agencies

If you suspect law enforcement agencies could be interested in your data (if you are working on sensitive issues such as terrorism, organised crime, or political activism for example), you should note that they might have back doors to some of the default encryption software such as Windows' BitLocker or Apple's iPhone.

Other software such as VeraCrypt, GNU Privacy Guard, AxCrypt (Windows only), or even 7-Zip (a Windows archiver) can allow you to password-protect files, folders, or even drives very efficiently. This could be useful if you do not trust the default options provided above, or if you are sharing a computer and account with a colleague or family member, for example. Some of them can also hide folders rather than just encrypt them.

Finally, remember that in some cases, the best protection is not to keep data in any form. Delete or anonymise anything unnecessary as soon as possible.

Encrypting Data Stored in the Cloud

It is possible to encrypt data before it is stored/synchronised on a cloud drive. This makes cloud storage an appropriate solution even for personal data.

VeraCrypt (mentioned above) was not designed for cloud usage and its encrypted files can become very large. If space is not a problem, it is still a good solution. Other software for more advanced users is listed in this article.

How to Really Delete the Contents of an Unencrypted Drive

When you "delete" a file on a hard drive, this does not actually delete all traces of the data; it simply makes the file inaccessible until something else is written over it. Specialised software can restore deleted files. This is often used by law enforcement, but it is accessible to anyone with a modest budget.

This means that when you intend for deleted files to remain permanently unusable, you should manually overwrite the sectors of your hard drive that used to store them. This can be done simply by filling your hard drive with random large files (videos and other) and removing them again, or by defragmenting your drive.
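
The fill-and-remove approach described above can be scripted. The following Python sketch is an added example, not part of the original guide; the function name fill_free_space and its parameters are assumptions chosen for illustration. It writes random filler files until only a reserve of free space remains, then deletes them.

```python
import os
import shutil
import tempfile

CHUNK = 1024 * 1024  # write random data 1 MiB at a time


def fill_free_space(target_dir, reserve_bytes=200 * CHUNK,
                    file_bytes=1024 * CHUNK, max_bytes=None):
    """Fill the free space of the volume holding target_dir with random
    files, then delete them. Returns the number of bytes written.

    reserve_bytes: free space left untouched so the system stays usable.
    file_bytes:    size of each filler file.
    max_bytes:     optional cap on the total written, for a trial run.
    """
    cap = float("inf") if max_bytes is None else max_bytes
    workdir = tempfile.mkdtemp(prefix="fill-", dir=target_dir)
    written, index, full = 0, 0, False
    try:
        while not full:
            path = os.path.join(workdir, f"fill-{index:05d}.bin")
            index += 1
            # buffering=0: a full disk is reported by write() itself
            with open(path, "wb", buffering=0) as handle:
                size = 0
                while size < file_bytes:
                    free = shutil.disk_usage(workdir).free
                    if free <= reserve_bytes or written >= cap:
                        full = True
                        break
                    step = min(CHUNK, file_bytes - size,
                               free - reserve_bytes, cap - written)
                    try:
                        done = handle.write(os.urandom(step))
                    except OSError:  # volume or quota exhausted
                        full = True
                        break
                    size += done
                    written += done
                os.fsync(handle.fileno())  # push the data to the disk
    finally:
        # Deleting the filler files frees the space again
        shutil.rmtree(workdir, ignore_errors=True)
    return written


if __name__ == "__main__":
    print(fill_free_space(".", max_bytes=50 * CHUNK), "bytes overwritten")
```

Run it against a folder on the drive you want to clean, and keep the reserve above zero on a system drive. On SSDs and USB flash drives, wear levelling means a fill like this may not reach every block that once held the deleted data.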