The hardware encryption is enabled all the time, so all data written to the NAND chips is encrypted. By default though this offers you no security as the SSD can be stolen and used in any computer as it will decrypt the data for anyone.
To use the hardware encryption to secure your data, you need to add a key that only you know to lock the decryption to only you. For a boot drive you can only do this via the motherboards BIOS. Very few desktop boards support adding a password to the hard-drive though. Look in your BIOS for a Hard-drive password option.
Sometimes it has been said enabling the User/Supervisor passwords in the BIOS has also set the User/Master password on the SSD so you could try those. To confirm your SSD is then password protected, in the Intel Drive Toolbox under Drive Details look for the Word 128 and see if it has Security Enabled = 1. If not then it isn't protected.
You can still use software protection of course however this will have an impact on write speeds, takes a slight hit from your CPU to do the encryption, and affects wear-levelling. This is because the Intel 520 compresses data so it doesn't have to write as much, so writes are quicker, and because you are usng less NAND memory more is left free for wear-levelling. If you send encrypted data to the SSD, it will be compressed still, however encrypted data due to being encrypted just isn't compressable, so your write speeds drop and the drives gets some extra wear and tear because no space is saved.
The SSD can still use compression when it does the encryption because it works in this order: Data-->Compressed-->Encrypted, whereas in software you are going Data-->Encryption-->SDD attempts compression of already encrypted data, but can't really compress it much due to the encryption-->Encrypted again.