Encryption is often considered something that only large corporations need. Very often we take security for granted and don’t protect sensitive information. In our previous articles, we covered the importance of encryption when transmitting information. However, this is only one area of encryption. The encryption of digital files, and securing of computers and devices are equally as important.
The World is Digital
It wasn’t long ago that people kept important information in a locked cabinet or a safe. Many people kept their social security card, birth certificate, and other types of personal sensitive information under lock and key. Today all sorts of personal information is kept online. From passwords, to credit card information, to health documents.
The question you should ask before determining whether or not to use encryption is; Do I have any information on my computer that I wouldn’t want put on a billboard? If the answer Is yes then you need to use encryption.
The Basics of Cryptography and Encryption
Encryption has been around since the dawn of writing. The use of nonstandard hieroglyphs has been discovered as far back as 1900bc in ancient Egypt. Various inventors in history such as Leonardo da Vinci. Broadly Cryptography is the practice and study of techniques to securely communicate under the surveillance of third parties(any 3rd party who does not have consent to view the information is called an adversary). Aside from fixing broken and worn electronics cryptography is one of the most important in the IT industry.
Encryption uses keys to encrypt and decrypt information. Today these keys have a high level of entropy essentially making them hardened against brute force methods. Without finding a weakness in the cipher suite encryption keys are very hard to crack. In the beginning of encryption both the sender and receiver of data transmission both parties required having a private key. In today's environment we have pretty good encryption (PGP) or private keys and public keys.
Public Keys are keys that sent to a key server and are used to encrypt information. Public keys are viewable by anyone with access to the key server. Public keys can only be used to encrypt information, and not decrypt information.
Private Keys are keys that each individual has and is paired with an individual public key. Private Keys are kept secret. They are used to decrypt encrypted messages.
Public and private keys are separated pieces of code that fit together. Each code should be unique, and work together mathematically. Without the private key the public key is useless to potential adversaries.
Interestingly this works in the reverse. You can use a private key to encrypt and send information, where people with the public key (even adversaries) can decode the message. This is useful in the case where you want to ensure that the message is from a specific person. This has been used quite extensively in recent years by high profile whistleblowers, and anti-government agents such as Edward Snowden and Julian Assange. You can send a message or documents out to the public and reporters and the public can determine that it is them sending the message because of the public key. Whatever the one key in a pair encodes the other decodes, but both must be used in tandem.
Your Disk Encryption Options
There are plenty of Encryption options available from commercial to open source. Veracrypt is a popular open source full disk encryption software. Apple, Linux, and Windows (pro and enterprise) all have full disk encryption available, although it is by default not enabled.
bitlocker comes standard on windows operating systems(professional, and enterprise), and works quite well. When the developers of Truecrypt stopped the development of their popular disk encryption software the recommended windows users migrate to bitlocker.
Filevault has had a bit of a controversial history. the original filevault was a poorly designed encryption suite with many holes in its armour. The newer FileVault 2 was released on Mac OSX Lion and shared very little with the original FileVault. It supports Full Disk Encryption on the fly, and is enabled by default. It supports AES 128 bit encryption with a 256 bit key. While not the strongest encryption available it's more than adequate for most applications.
veracrypt is a cross platform software that can perform full disk encryption as well as individual file encryption. veracrypt started as a fork of the discontinued truecrypt project. it is open source, and has been verified as secure by security experts. it can be a bit more complicated that built in options, but has more tweaks and features
Business Adoption of Encryption
Despite more attacks than ever highly publicized data dumps on WikiLeaks and other sites, encryption continues to only slowly be adopted. Only 41 percent of companies have a consistent encryption strategy, while 15 percent have no encryption strategy. Encryption is only as good as the consistent use in practice.
Implementing a good encryption system and using the right strategies to minimize your risk can be a complicated process. Using an IT security expert to help you transition into a secure office environment can save you in the long term.