Files are not encrypted at rest.

Encrypting files at rest is a crucial security measure to protect sensitive data from unauthorized access in the event of physical theft or data breaches. When files are not encrypted at rest, they are stored in a readable format on the storage device, making them vulnerable to theft or compromise.

To address this issue and enhance security, consider implementing file encryption solutions such as:

1. Full Disk Encryption (FDE): FDE encrypts the entire storage device, including all files and the operating system. Popular FDE solutions include BitLocker for Windows, FileVault for macOS, and LUKS for Linux.
2. File-level Encryption: If you want to encrypt specific files or folders rather than the entire disk, you can use file-level encryption tools or software like VeraCrypt, AxCrypt, or Boxcryptor.
3. Cloud Storage Encryption: If you store files in the cloud, make sure to use cloud storage providers that offer encryption at rest, which means your files are automatically encrypted when stored on their servers.
4. Database Encryption: If you're dealing with sensitive data in databases, implement database encryption solutions to protect data at rest. Most modern database systems offer encryption options.
5. Hardware Encryption: Some storage devices, like self-encrypting drives (SEDs), come with built-in hardware encryption to protect data at rest. Ensure your hardware and firmware support encryption features.
6. Network Attached Storage (NAS) Encryption: If you use NAS devices for storage, look for NAS systems that provide encryption options to secure data stored on them.

It's essential to choose the encryption method that best suits your needs and complies with relevant regulations and security policies. Regularly update and patch your encryption software and hardware to mitigate vulnerabilities, and use strong, unique encryption keys and passphrases to further enhance security.

Remember that encryption is just one aspect of a comprehensive security strategy. Proper access controls, authentication mechanisms, and security policies should also be in place to protect your data effectively.