You can encrypt a full partition, or use a file container.
Then you need to take some precautions.
Ensure that your computer remains locked when unattended. Ask password for login, systematically manually lock it when you leave it, set up your screen saver to automatically lock it after a few minute of user inactivity in case you forget, and configure it to be locked when it resumes from sleeping.
Not only your encryption password must be robust, but also your user and root session passwords (I mean passphrases!), especially if you need to run an ssh daemon. You must store them in a secure manner (I mean only in your head), and be cautious when you enter them.
Also if you are more worried about the security of your data than of your system, you may want to avoid asking your password for sudo. If someone get access to your machine unlocked, then your data are compromised, and he will be able to watch them or copy them even without root access (except if you have taken a lot of care that he could not mount any external storage or access to network without root access, but it would be a pain to use this machine then). On the other hand, the more you have to enter your password, the more you take risks of someone eyedropping it, so it is better to only ask for passwords when they are really necessary. All about compromise!
And avoid connecting to your machine from not very secure machines (eg prefer scp-ing from your machine to the remote machine than the contrary).
If your data are very sensitive and you suspect some advanced hackers could try to gain access to it, you should only keep the volumes mounted when you need to use it, and unmount it as soon as you don't need it. To ease it you should have a separate volume for every category of sensitive data you have. It should never be mounted when the computer is unattended, idle, sleeping, or when you are traveling with it. The reason is that it is not that difficult to recover the encryption keys in the RAM if the volume is mounted, even if it is not possible to use the current session; see cold boot.
If your data are not very sensitive but you just want to prevent the average hacker thief to get your data, you can keep the volumes mounted and follow the rest of the instructions.
Take care of indexing programs. Prevent them from indexing the content of your encrypted volumes, or if you need it, put the index file of each volume on the volume itself. For example for mlocate I use the following configuration for a partition mounted on /mnt/data (adapt and duplicate as needed):
/etc/updatedb.conf (as a security):
#!/bin/sh updatedb --add-prunepaths "/mnt/data" if [ -e /mnt/data/AppData/mlocate/mlocate.db ]; then updatedb --prunepaths "" --database-root /mnt/data/ --output /mnt/data/AppData/mlocate/mlocate.db ; fi
#!/bin/sh databases="/var/lib/mlocate/mlocate.db" if [ -e /mnt/data/AppData/mlocate/mlocate.db ]; then databases="$databases:/mnt/data/AppData/mlocate/mlocate.db" ; fi locate -d "$databases" $1
alias updatedb='updatedb.sh' alias locate='locate.sh'
Sensitive/personal application data should be moved to an encrypted partition, you can use symbolic or hard links to make the redirection. This as the advantage of easier backup as well. It is also a good idea to encrypt your home directory, as it is difficult to spot all application data that contain personal data. It can be automatically mounted when you log in, with the same password.
The next step is to encrypt your whole system partition. It is necessary if your data are very sensitive and you suspect some hackers could try to gain access to it, to prevent from installing spy programs on it (by booting on a live OS or extracting the hard drive). But then it is possible to attack the unencrypted boot partition, which is not really harder because of the needed initramfs, so you also need to encrypt it and have grub decrypt it. You should also verify the integrity of grub, the MBR, and the BIOS.
Encrypting the whole system partition also encrypts the swap file if there is one. If you are using a swap partition you may want to encrypt it as well (a swap file on an encrypted partition).
You can add extra security at boot, depending on the amount of security you want, and the everyday burden it will bring:
Of course all of this requires that you have a good firewall and antivirus if you're using Windows…
And whatever technical security solutions you set up, don't forget that your keystrokes can be detected a few meters around, that a spy camera can be installed in your office, that you can be kidnapped and forced to reveal the passwords… (see plausible deniability concept).
In any case, it is a lot more important to protect the logs on your hard disk than the communications themselves.