You should do full Disk encryption
{TLDR, Don't listen to the retards online dismissing encryption, you should do it}

Look, i know people fear tecchnology they don't understand, or the worse, they lose their key or forget their password for their vault.
But,
That still shouldn't keep you from learning. I'll put out my plan and how i setup Full disk encryption or a encrypted vault. I can give a easy to understand graph for windows, but it will be somewhat out of scope for this as i have not used windows in a very long time.
I would reject using bitlocker due to the FBI doing FBI stuff and Microsoft doing Microsoft stuff. But, don't listen to the nay-sayers You should encrypt it, If this is your "only " option availible.
Encryption is the best option you have
Encrypting everything is the best option you have to protect your data. Yes OPSEC and metadat can do a lot of damage, but why take the risk.
Example A
cop fucks himself.
ideally. when you setup LUKS encryption on Linux it gives you full disk encryption. make sure to use a strong phrase. weak pass phrases are just as bad as no encryption.
thid is a easy chart to see how encryption works.

I have on my laptop LUKS encryption + user password + hardware key to login. (i will do a video soon on how to set this up in QUBESOS).
WE know the flaws
Look, I know the flaws of encrypting your drive.
- what if i lose my password.
- what if i get my laptop or desktop stolen.
- when it's unencrypted it is "useless"
These are valid concerns, but there is stil away to protect yourself.
My solutions are as followed.
-
for your most secretive files , make a second vault that is encrypted with veracrypt or picocrypt or luks. just make sure to make backups and put the files in the vault or put them on a encrypted USB drive.
-
do sensitive work on Tails or QUBES OR WHONIX. I would opt for tails.
-
Tails with buskill and even on Qubes is a good extra secure step. RTP has a good channel on this too.
It is simple. Encrypt everything, even if you are on windows. make regular backups and always store your keys offline.
Look I am trying to make this short. Encryption is a very controversial topic due to the Government hating it and losers in the comment section saying it's worthless. it is not.
I find myself learning more and more and I will do more write ups i find
as always, untested backups are not backups - some bald IT guy