Encryption 101

For many people, the word “encryption” evokes images of spies, clandestine operations and World War II, or NSA code breakers feverishly working to decipher enemy messages in a Dan Brown novel. In fact, encryption is a priceless security tool that any business can easily use to keep sensitive information confidential and safe from prying eyes. You don’t have to be a business or a billion-dollar company. Any information that is private or confidential and, most importantly, portable via a laptop/netbook/tablet, a flash drive/USB stick or a CD or DVD, should be encrypted 100% of the time to prevent data loss, breaches of security and the theft of your information.

Unfortunately, many businesses fail to take advantage of encryption technology, fearing that it’s ‘expensive’, ‘too complex’ and ‘difficult to use’ on a routine basis. In reality, encrypting vital data isn’t much more difficult than running a virus scanner or a data-backup program, but IT companies, managers and staff are either lazy, haven’t been taught about encryption or think that their information is safe. They would be wrong. Here’s how to get started.

The Basics

There are two basic ways to encrypt data. One approach is to use asymmetric PKI (public-key infrastructure) encryption. PKI cryptography is based on a pair of cryptographic keys: One is private and known only to the user, while the other is public and known to the opposite party in any exchange.

PKI technology provides privacy and confidentiality, access control, proof of document transmission, and document archiving and retrieval support. While most security vendors currently incorporate some type of PKI technology into their software, differences in design and implementation prevent interoperability between products.

The other method of encrypting data is symmetric key protection, also known as “secret-key” encryption. Generally speedier yet less secure than PKI, symmetric encryption uses the same key to both encrypt and decrypt messages. Symmetric technology works best when key distribution is restricted to a limited number of trusted individuals. Since symmetric encryption can be fairly easy to break, it’s primarily used for safeguarding relatively unimportant information or material that only has to be protected for a short period of time.
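Products that use both kinds of key commonly encrypt the data with a one-time symmetric key and then encrypt that key with the recipient's public key. The following is an added example, not code from this article or from any product it names; it uses Node.js's built-in crypto module, and the names `seal`, `open` and `canOpen`, the sample message and the parameter choices (RSA-2048 with OAEP, AES-256-GCM) are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// OAEP with SHA-256 for wrapping the symmetric key (parameters chosen for this example).
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Encrypt `plaintext` for the holder of `publicKey`.
function seal(publicKey, plaintext) {
  const key = crypto.randomBytes(32); // one-time AES-256 key (symmetric)
  const iv = crypto.randomBytes(12);  // 96-bit GCM nonce, never reused with the same key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  // Only the 32-byte key goes through the slower public-key operation.
  const wrappedKey = crypto.publicEncrypt({ key: publicKey, ...OAEP }, key);
  return { wrappedKey, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Recover the plaintext; throws if the private key is wrong or the data was altered.
function open(privateKey, box) {
  const key = crypto.privateDecrypt({ key: privateKey, ...OAEP }, box.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  decipher.setAuthTag(box.tag);
  return Buffer.concat([decipher.update(box.ciphertext), decipher.final()]);
}

// Returns true if `open` succeeds and false if it throws.
function canOpen(privateKey, box) {
  try { open(privateKey, box); return true; } catch { return false; }
}

// Constructed demo: two key pairs and a sample message.
const newPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const alice = newPair();
const other = newPair();
const box = seal(alice.publicKey, Buffer.from('Q3 payroll figures (constructed sample)'));
console.log(open(alice.privateKey, box).toString()); // the matching private key recovers the text
console.log(canOpen(other.privateKey, box));         // any other private key cannot unwrap the AES key
```

Without the matching private key the wrapped AES key cannot be recovered, so the ciphertext stays unreadable.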

Applying Encryption

The easiest way to use encryption is to purchase a business application or a hardware product that incorporates some form of encryption technology. There are also many excellent and very strong free alternatives, some of which are listed below. Microsoft’s Outlook or Outlook Express email client, for example, provides built-in encryption support. Meanwhile, vendors such as Seagate Technology LLC and Hitachi Ltd. have started incorporating encryption technology into their hard drives.

Since most software applications and hardware products don’t include any type of internal encryption technology, business owners and managers need to look for stand-alone encryption products. This can be a confusing process, one that’s best approached by first determining the business’s precise security requirements, then finding an encryption product that fits each need.

Microsoft Windows 7, 8 and Vista Enterprise and Ultimate users can take advantage of BitLocker Drive Encryption, a full disk tool that offers powerful 1024-bit encryption. Another Windows offering is EFS (Encrypting File System), which uses symmetrical PKI technology to provide file encryption.

Beyond Microsoft, leading encryption vendors and products include PGP, the free open-source TrueCrypt (Windows 8/7/Vista/XP, MacOS X and Linux), DESlock+, and Sophos Free Encryption, which allows you to create ‘stand-alone’ self-extracting executable files, meaning that whoever you send your files or data to doesn’t need any pre-installed software to decrypt your information. For CD/DVD/Blu-ray there is Nero SecurDisk, and for email, get a free Digital Signature. My personal favourites are TrueCrypt (because it’s available and compatible for most operating systems), Sophos because of its self-extracting file option, and a Digital Signature, as this can be used to actually sign an email, like a real signature, but it will also encrypt your email with anyone else who has a digital signature (you have to have each other’s public keys, which are sent with the first email to each other). WinRAR and WinZip deserve a mention too, as almost everyone uses one of these products and they can also protect and encrypt files.

A new addition to this list is Spotflux. This is a relatively new application that encrypts your internet connection. Basically, all your internet traffic is relayed and filtered through the Spotflux servers, which encrypt all your data, while its intelligent algorithms detect malware and ads and strip them away before any data reaches your computer. If you use a wireless connection at home, a café or an airport, Spotflux will keep your connection and emails safe from prying eyes and snooping attacks. Spotflux, at this stage, keeps no logs, but this may change in the future. Your ISP logs everything you do, and their Privacy Statement should outline how long they keep a copy of your connection info. At the time of writing, Spotflux is only available on PC and Mac, with a mobile version coming soon.

What to Encrypt

So how do you know what to encrypt? Here are some places to start:

  • Hard Drives: A business may choose to encrypt entire hard drives as a way to reduce or eliminate data theft.
  • Individual Files: In cases where full disk encryption is overkill, file-by-file encryption provides added security on an “as-needed” basis. Many leading encryption products offer drag-and-drop encryption capabilities.
  • Laptops: Unlike office systems, laptops are easy to lose and are prone to casual theft. By ensuring that the system’s data content is unreadable, a business can limit its loss to the cost of the laptop. A growing number of government regulators and insurance companies are demanding that businesses encrypt any data that leaves their premises. Over 5000 laptops were left in the back of taxi cabs last year.
  • Removable Media: Memory sticks, thumb drives and similar portable storage technologies provide portability, convenience, and an opportunity for data loss and theft. As with laptops, encryption limits a business’s loss to the cost of the device itself. A growing number of removable-media devices come with built-in encryption support.
  • File Transfers: Sending files over unsecured wired or wireless links can expose sensitive information to data thieves. Encryption provides an additional layer of security, even when a secured network is used.
  • Email: Encrypted email is kept secure during the transmission process and while sitting in its recipient’s mailbox.
  • IM (Instant Messaging): A growing number of businesses are using IM to swap confidential business information. Encryption helps secure these critical transmissions.

Encryption’s Limitations

Like any technology, encryption software isn’t perfect. Even the best products consume both processor speed and storage space. Users can also lose or forget passwords, thereby potentially locking systems forever.

Before purchasing any encryption tool, carefully research the product. Make sure that the offering addresses your company’s needs, is compatible with your systems and has a good track record concerning reliability and support. If possible, check with your friends and colleagues for their opinions on various encryption tools.

Conclusion

After reading this, when you hear in the distant future (and you will) about some company losing data (possibly with your details included in the information), remember how easy and inexpensive protecting data really is. Quite frankly, there is no excuse for any company not to encrypt its own sensitive data, secrets, accounts or people’s personal information.

It’s also time that the public started to fight back against companies that lose their data, especially if it’s not protected. You have a right. It’s your information that usually goes missing and ends up in the wrong hands, and that could lead to identity theft, phishing attacks, stalking, and there have even been cases of abductions, info being leaked to the press or posted on Facebook or Twitter. It’s about time everyone took privacy seriously and stopped being reckless.

Please Note: If you do use any of the products available for encryption, including Windows EFS, please remember to back up and store your public and private keys. If not, you will probably lose your data. With Windows EFS, if you change your Windows password, you may not have access to your data. This guide will help you with EFS.

About Mike

Michael is a Security expert who now works in the field of Visual Effects (VFX) but still practices and consults with companies regarding Information Security, Data Protection and Forensics.

  • http://www.c-innovate.com Jool

    Found this really useful information for my first dip into reviewing encryption software.