If you implement your public key infrastructure correctly, it will take longer for someone to decrypt your files than it would take them to find another method (breaking into your workplace, installing cameras, or some other extreme measure).
Links:
Best Practices for EFS with 2003 and XP
Best practices for the Encrypting File System -
http://support.microsoft.com/default.aspx?scid=kb;en-us;223316
A good 'rule of thumb' guide to EFS management. This goes through user education, archival, private key sensitivity, and other important information for PKI administrators.
The Encrypting File System -
http://www.microsoft.com/technet/security/topics/cryptographyetc/efs.mspx
An excellent and lengthy guide to deploying and maintaining EFS in a recommended fashion. Covers Disaster Recovery, additional protection guidelines, and many links to specific useful articles based on subject matter.
Create a recovery policy for a domain -
http://www.microsoft.com/technet/prodte...af14d-66e3-4cee-bc3d-38795b046c25.mspx
Add a recovery agent for a domain -
http://www.microsoft.com/technet/prodte...01135-c289-4f64-8bf3-8c0de903a8b7.mspx
The two articles above cover the brief set of steps necessary to add Data Recovery Agents in an AD environment. This is critical to protecting your data from a careless or malicious end user.
Encrypting File System Tools and Settings -
http://www.microsoft.com/technet/prodte...22595-5d30-4b19-945a-b6e4bb33bd6f.mspx
A list of the most useful EFS-related tools for making management of encrypted files much easier. Includes info on EFSINFO and CIPHER, as well as links to sub-articles with the complete syntax for these commands. This also has some very useful information on using Group Policy to manage EFS which will be exposed fully after your migration is completed.
Best practices for PKI with 2003 and XP
Here are some webcasts on how to implement a Public Key Infrastructure:
Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure -
http://www.microsoft.com/technet/prodte...03/technologies/security/ws3pkibp.mspx
If you read nothing else, this is the guide to examine. This online whitepaper covers every aspect of best practices in PKI, from planning, deployment, offline roots, scenarios, samples, and the rest.
TechNet Support WebCast: Best Practices for Public Key Infrastructure: Steps to build an offline root certification authority (part 1 of 2) -
http://support.microsoft.com/default.aspx?scid=kb;en-us;896733
TechNet Support WebCast: Best practices for Public Key Infrastructure: Setting up an offline subordinate and an online enterprise subordinate (part 2 of 2) -
http://support.microsoft.com/default.aspx?scid=kb;en-us;896737
Finally, the two webcasts above cover the end-to-end process of creating an offline root certificate authority structure for maximum security. This two-part presentation walks through the entire process, and is great for people who want to see how it works before digging into whitepapers and labs to make it all happen.