17.36 – Encryption

Security experts preach that it is not a question of whether someone will be victimized by a security breach, but when. Although this may be pessimistic, it is not a bad attitude to employ, especially given the consequences which can arise.

Adopting this mindset and creating a defensive system means that multiple levels of protection are necessary. In particular, if criminals are successful in evading defences and getting into a system or systems, the information obtained should be unusable. This is where encryption can help.

Encryption is a form of encoding information so it cannot be easily read. Characters are substituted to make the resulting information look like random gibberish – “I have encoded this message” might instead look like this: “34sfdkl09-c*(&)^{>9df98KLv”. There are powerful algorithms available for encryption which have proven to be virtually uncrackable. When these technologies are properly applied, it would literally take several lifetimes of the universe to guess the keys necessary to decrypt the information they protect.

Decrypting such information is usually done through a password, although some depend on hardware devices which are analogous to a lock and key. Whatever is used, the important aspect is to use a strong password or key – simple ones which can be easily guessed or bypassed do not provide adequate protection.
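As an added illustration (not part of the original text), the following Python sketch compares the time needed to exhaust a cipher key with the time needed to exhaust the password that unlocks it. The guess rate, the short list of common passwords, the sample passwords and all function names are assumptions made for this example, and the character-pool estimate is an upper bound that flatters human-chosen passwords.

```python
import math
import string

AGE_OF_UNIVERSE_YEARS = 1.38e10          # approximate
SECONDS_PER_YEAR = 365.25 * 24 * 3600
GUESSES_PER_SECOND = 1e12                # assumed attacker rate, for illustration only

# Constructed sample of passwords that would be tried first.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}


def password_bits(password: str) -> float:
    """Upper-bound strength of a password in bits (length x log2 of pool)."""
    if password.lower() in COMMON_PASSWORDS:
        return 0.0                        # on a guess list: effectively no protection
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += 26
    if any(c in string.ascii_uppercase for c in password):
        pool += 26
    if any(c in string.digits for c in password):
        pool += 10
    if any(not (c.isascii() and c.isalnum()) for c in password):
        pool += 33                        # printable ASCII symbols incl. space
    return len(password) * math.log2(pool) if pool else 0.0


def years_to_exhaust(bits: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Years needed to try every value in a 2**bits search space."""
    return 2.0 ** bits / rate / SECONDS_PER_YEAR


def effective_bits(key_bits: int, password: str) -> float:
    """Protection is capped by the weaker of the cipher key and the password."""
    return min(float(key_bits), password_bits(password))


if __name__ == "__main__":
    for pw in ["password", "summer24", "q7#Lm2!xVr9@Tz4&Kp8$"]:  # constructed samples
        bits = effective_bits(256, pw)
        print(f"{pw!r:26} {bits:6.1f} bits  {years_to_exhaust(bits):.3g} years")
    print(f"128-bit key: {years_to_exhaust(128) / AGE_OF_UNIVERSE_YEARS:.3g} universe lifetimes")
```

The output shows that an eight-character lowercase-and-digit password falls in seconds at the assumed rate regardless of the cipher behind it, while a 128-bit key alone outlasts the age of the universe many times over.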

Encryption can be applied to almost any digital data. Encryption can even be nested, so that encoded information is contained within other encrypted data for extra security. Protecting information through encryption is particularly important when storing data in the cloud, since that storage is outside one’s immediate control and more vulnerable to remote attacks.

A great deal of data in systems and on the Internet is already protected by encryption, and it is seamless and virtually invisible. For example, website addresses prefaced by “https” utilize TLS (Transport Layer Security) encryption, which helps avoid man-in-the-middle snooping of traffic. Nothing special needs to be done to benefit from this, other than confirming a site uses it instead of the older and less secure “http”.

Other cases require more intention to apply encryption. Many common software packages already include encoding options. For instance, Microsoft Office products like Word and Excel permit password-protected documents (File/Save As/Tools/General Options). Applying a password automatically encrypts the document in a very secure fashion. 

PDF creation software like Adobe Acrobat also offers encryption. There are many other standalone packages incorporating this form of encoding. A handy way to protect a file of any type is to use archiving software like WinZip or WinRAR. When archiving a file or files with those programs, a password can be easily applied so only those with the proper credentials can read the data.

It is also possible and recommended to protect entire hard drives or external devices like USB thumb drives so the information they contain is restricted. Windows users can enable BitLocker (Settings/Privacy & Security/Device Encryption) to protect hard drives in their system. Once implemented, it is almost completely seamless and employs powerful encryption. BitLocker has a “To Go” feature which can also protect external drives.

Mac or Linux users do not have a native equivalent to BitLocker. There are third-party applications, however, which can be used. A well-regarded one is VeraCrypt, available for Windows, Mac, and Linux. VeraCrypt lets a user encrypt individual folders, partitions, and entire drives, including external devices. Encrypted folders can also be hidden within others so anyone poking around will not even realize there is hidden, encrypted information. VeraCrypt is open source, which means it is open to researchers to audit and find problems. It has stood up as a very good, and free, solution.

Remember that mobile devices need protection too. Android and iOS utilize encryption natively – as long as a reasonable PIN or secure sign-in process is used. Never use a mobile device without protecting it with a sign-in key – such devices are simply too easy to lose or have stolen. There are also many applications which can encrypt sub-data within the mobile device, or when transferring files to others.

Optional Videos: In this series of Bite-Sized CPD videos, you can explore why to use encryption (Episode 1), what software you might already own that includes built-in encryption (Episode 2), and dedicated encryption solutions, including the benefits of open-source encryption software (Episode 3).

Encryption Episode 1 [5:58 minutes]

Encryption Episode 2 [7:47 minutes]

Encryption Episode 3 [5:42 minutes]