You should consider encrypting any devices that are frequently transported and hold sensitive data. Depending on the hardware and the operating system it's running, the device can be encrypted with relative ease and with little performance overhead (meaning, you won't really notice). If you are running an up-to-date operating system (OSX / MacOS, Windows 10, iOS, Android 6.0 and above, etc.) and have a relatively recent device, you can probably handle using at least some level of encryption.
There may be situations in which encryption is of little to no benefit, or the cons outweigh the pros. These include the following:
Unfortunately, once you make the decision to encrypt your device, you open yourself to the risk that you may forget the password. If that happens, your files are locked away forever--there is no "Forgot My Password" option for disk-level decryption. No one has the key but you. So take care to remember it or write it down and keep it somewhere safe. If your device already has files on it, you should make sure that you have everything important backed up before you decide to encrypt it.
FDE refers to encrypting the entire hard-drive (or at least, everything that isn't necessary to boot the device). When a device is fully encrypted, it must be decrypted before the operating system will even load. If the password is entered incorrectly or the drive fails to decrypt, the loading process stops there: you won't even make it to the Windows/Apple/Ubuntu logo. If a laptop carried a normal, unencrypted hard-drive with Windows installed on it, a thief who has the laptop would not be able to login to Windows without your password. However, the thief could easily remove the hard-drive from the laptop and mount it as an external drive on another computer, which would allow him to inspect the contents of the drive and look at your My Documents folder without needing a password. If the same thing were attempted with a drive that had been encrypted, the thief would need to know the decryption key/password in order to be able to inspect the files on the drive. Otherwise, all he would see would be blocks of random or gibberish data.
File-Level Encryption refers to only encrypting individual files that may be sensitive or important. For instance, if your laptop is just a Netflix/light-browsing/light-gaming machine except for a handful of tax/student loan/medical documents, you may wish to consider just encrypting those documents instead of encrypting the entire drive. Encrypting on an individual file level has some disadvantages, namely that you leave the metadata of the encrypted files exposed. A malicious individual who peers into your My Documents folder might not be able to open your tax documents, but he would still see that you have them; this could encourage him to copy them anyway, even in encrypted format, to try his hand at password cracking later. For a slightly more embarrassing example, encrypting your Porn folder would stop someone from viewing the videos, but they would still be able to see the files themselves and their salacious filenames.
There are multiple methods for encrypting your desktop computer, including tools built into the operating system and third-party tools. In general, the first-party tools (i.e. those provided with the operating system) require less work to setup. However, for the truly paranoid, you might not wish to trust Apple or Microsoft to encrypt your data such that they could not be compelled by a three-letter agency to decrypt it without your consent. In which case, you may wish to rely on a third-party tool like TrueCrypt or VeraCrypt.
Listed below are some of the encryption tools available for each of the major operating systems. Stock tools provided by the OS are listed first, then third party and cross-platform tools.
If you have an iPhone, encryption should be supported out-of-the-box. In fact, if you have a passcode setup on your iPhone, chances are the device is already encrypted.
For Android devices, encryption is supported, but not on by default unless you have a handful of devices (usually of the Nexus or Pixel line). Depending on your hardware and the version of Android you are running, encryption may or may not be feasible. While encryption was available, it was not until Android 6.0 that the operating system leveraged hardware-accelerated encryption provided by the processor, meaning it was all done in software. This resulted in sizable overhead that made the performance of the device degrade over time.
Low or Mid-Range devices running Android 5.0 (Lollipop) or older: Encryption is still possible, but it may slow down your advice.
Mid-range or High-end devices running Android 6.0 (Marshmallow) or newer: Encryption can safely be enabled with little to no performance overhead.
Note that after you decide to encrypt your Android device, you will not be able to disable the lock screen on the phone/tablet. The passcode that is set serves as part of the key for the encryption process, and so it cannot be removed without disabling the encryption. Note as well that once a device is encryption, you cannot permanently decrypt it without wiping the device.
Setting a password on the computer prevents someone from logging into the computer and accessing your files through the installed operating system (Windows, Mac, Linux, etc). However, it does not stop someone from removing the hard-drive from the computer and using another computer to view the contents. If the hard-drive's partition is not encrypted, someone could simply plug the hard-drive into another computer and mount the stolen hard-drive from your computer--it would show up as a browsable media peripheral like any other DVD, flash drive, or external hard-drive. At that point, your files would be freely accessible. If the drive were encrypted, however, and the thief did not know the password to properly decrypt it, the drive's contents would look like scrambled or random bits of data.
Encryption is a one-way process. Once something has been encrypted, you require the original that was used to encrypt it in order to decrypt it. In most cases, this 'key' is a string or password (it can also be a file). If you do not have the key, it cannot be decrypted. Period. For this reason, you should probably keep a backup of your keyfile or passphrase somewhere.
If you make use of OSX / macOS's built-in FileVault feature, you can choose to upload a backup of the key to Apple so that it can be retrieved in case you ever forget it.
If you make use of Bitlocker, you have an option of using the Trusted Platform Module to derive a key instead of the usual PIN or passphrase. In this setup, Windows uses your computer's hardware profile to create the key. This makes the encryption process transparent to the end-user, and you will not need to manually decrypt the volume every time the computer is turned on, but Windows will still give you a Recovery Key that you should hold onto. Additionally, you can choose to tie it to your Microsoft account, and upload a backup of the key to Microsoft so that it can be retrieved in case you ever forget it.
Most people don't update the BIOS for kicks, but if your computer manufacturer tells you that there's a BIOS update available for your desktop or laptop, you should probably update it. Be aware, however, that if you update the BIOS, you will more than likely be prompted for your Bitlocker Recovery Key after the computer restarts. This is because the TPM checks the BIOS and the Master Boot Record (MBR) before decrypting to ensure that the device hasn't been tampered with. If it detects a change, it will request the Recovery Key before continuing with booting. While it is unlikely you will ever update the BIOS on your computer more than once or twice, simply be aware that you should have the Recovery Key handy if you have Bitlocker enabled.
Your concern here about whether Microsoft should be trusted with your backup Recovery Key depends largely on your level of paranoia and your threat model. If your primary reason for encrypting your laptop is to mitigate damage in case of loss or theft, Microsoft is probably a safe place to backup your key.
If you are encrypting your laptop because you believe a state actor or a three-letter agency is after you, however, giving Microsoft a copy of your key may not be the best idea. While the risk is largely theoretical at this point, it is known that Microsoft was part of PRISM, including SkyDrive, where the backup key is stored. They have co-operated with law enforcement in the past to turn over data about their users when compelled by court order. It is thus not unreasonable to assume that if a law enforcement agency seized your Bitlocker-encrypted computer and wishes to decrypt it, they might compel Microsoft to provide the backup Recovery Key that you uploaded to them.
Trusting Apple with your FileVault key presents the same concern as trusting Microsoft: do you believe that Apple would refuse to provide law enforcement with the backup of your FileVault key if compelled to do so by a court order? While Apple has historically resisted attempts to help the FBI and other agencies defeat decryption, they have done so by engineering the device such that they cannot decrypt it--so that the answer is "We can't." instead of "We won't." If they are storing your backup Filevault Key, however, they very much can and probably must turn it over to law enforcement, if compelled.
If your threat model does not include the government, however, giving Apple a backup of your key could be useful if your copy is lost or forgotten.
If it is paramount that your sensitive data be encrypted, you should take special care to make sure that all of your backups are encrypted, too. Otherwise, someone who is unable to break into your main computer need only find the unencrypted external hard-drive you have lying around nearby in order to access all of the backed up files in plain view.
For certain situations, you may wish to not encrypt your external storage if it contains nothing sensitive (e.g. an external hard-drive containing nothing but photos, videos, or music). In that case, you may wish to separate the sensitive from non-sensitive files onto separate drives and encrypt the sensitive drive. Or, you may wish to fall back onto file-level encryption tools to only encrypt sensitive files on the backup device.
If you are backing up to an offsite or cloud-based system, you may wish to check with the storage provider to see what their policy is regarding whether the data is stored encrypted and, if so, how. For services like Google Drive, Microsoft OneDrive, Dropbox, etc., you may wish to consider encrypting the file yourself before uploading it to the backup service so that you don't have to trust their word on it being encrypted.