Your data can be protected with AES encryption by enabling encryption in the ExpeDat or SyncDat clients.  Refer to the documentation for MTPexpedat, DropDat, movedat, or syncdat for details.

Usernames and passwords are always encrypted, even when content encryption is turned off.

Administrators wishing to ensure that data is always encrypted can do so using the server's RequireEncrypt option.  When this is selected, unencrypted transactions will be rejected with an error telling the user that they must enable encryption.

Using encryption will increase the CPU load of both the server and the client computers which may cause a reduction in performance.  On modern CPUs, about one available CPU core is needed to support each gigabit per second of encrypted throughput.

For more information about data security, see Tech Note 0016.