Encryption Is All Around Us
Just about every person in the world uses some form of digital technology to communicate every day. We use smartphones, computers, tablets, PDAs, and other devices to communicate directly with each other or with other systems that require the protection of cryptographic algorithms to keep them safe from tampering. Our banking system relies on encryption to keep our money safe. Our government also uses cryptography and encryption to protect its communications.
Without (or with weak forms of) cryptography and encryption, unauthorized persons or groups can take advantage of the information we are trying to protect for their own purposes. You might remember the 2013 Target data breach, in which over 40 million payment card data was leaked.
Before we get into encryption and why we use it, let’s define both it and cryptography to understand the difference between them.
Why is encryption important?
14*15*18*20*08*19*20*01*18*18*27*09*19*27*01*23*05*19*15*13*05! |
A simple substitution cipher – can you figure it out?
The importance of a good encryption solution is in its ability to protect your data and communications by making them unreadable without decryption. When we create, send, or store information, we do so because it has some value to us. By encrypting it, we protect that value by ensuring that it can’t be modified without our permission or knowledge.
Some of the ways we use encryption are:
- Email is encrypted to make sure that what we have to communicate stays unchanged from when we create the message through transport to the person or persons receiving it,
- Banking transactions are protected as well so that we don’t lose track of the money we have spent, or have fraudulent charges made against our accounts,
- Data is sometimes stored in encrypted form to make sure that it doesn’t become accessible to those that shouldn’t have access to it or to be able to prove that it is unchanged when it is next accessed,
While there are many other reasons to use encryption, the primary reasons in the cybersecurity world for it are to protect: confidentiality, integrity, and accessibility.
What is the difference between cryptography and encryption?
Cryptography is the creation of the methods we use to encrypt information, as in making a code and key or keys for encryption. These methods are called algorithms and have been used in various ways for thousands of years. For instance, Julius Caesar used simple cryptography to transmit messages to his generals.
Encryption is the word we use for cryptography in action or using the codes and keys created in cryptography to scramble the message or data we want to hide, then unscramble it when it gets to the person that needs to read it.
Encrypting information with a strong cryptography algorithm and keys held secret by those using them is a way for us to help protect the information most valuable to them and us.
The message above uses a simple substitution cipher, meaning you substitute one thing for another to “hide” the original from someone. This is not a strong encryption method, so it isn’t appropriate for use in our cybersecurity setting.
Message hint: The numbers are important! |
What is strong encryption?
The stronger the cryptographic method we use to encrypt our information, the safer it is. But what exactly does “strong” mean in this context?
It means using methods that are complicated enough to break through that it is not worth the time and effort to attempt to do so. If you use a weak method, say a simple substitution cipher. A good, generally smart analyst can break the algorithm and have your communication deciphered pretty quickly. However, suppose your method has a more complicated encryption/decryption algorithm that is necessary to understand the information. In that case, the stronger algorithm would take months or years to break, which means that the information in the message is likely to be useless anymore. This makes an effort to decrypt it worthless.
Symmetric vs. Asymmetric Encryption
Two types of algorithms used today to encrypt our communications are symmetric and asymmetric. There are others, but these are two of the most commonly used and are a good choice for this discussion.
Symmetric encryption
Symetric encryption uses cryptographic algorithms with a single shared key for encryption and decryption. This key is shared between the original creator of the message or data and those with permission to see that data, such as a business partner, email recipient, or multiple recipients. Because the people on both sides have the same key, they can decrypt the message and view its information.
Asymmetric encryption
Asymetric encryption, however, uses a public key and a private key for each user on either end of the communication for the overall encryption and decryption. Because two keys have to be used together to secure and open the message, this is much more secure than symmetric encryption. If either side doesn’t have the appropriate key set, they cannot use this method.
Data at rest and Data In Transit
There are essentially two states for data that isn’t in direct use at any given time. Data is either “at rest” or “in transit.” Data at rest is information that is stored on a device or in a cabinet for later use, while in transit means that it is moving from one place to another. Both states are sensitive as they are periods when the data is at risk of destruction, corruption, or loss. Loss can be due to many causes, but for our purposes, we will only be concerned with theft or unauthorized access.
When at rest and unprotected, data that isn’t encrypted is accessible to anyone, so encrypting your hard drives, USB (thumb) drives, and other storage devices is an excellent thing to do.
Sending data over the network or via the Internet is also a good time to use encryption (called transport encryption) so that your chances of having your information exposed are much reduced.
How will this Affect You?
Being able to securely use, store and transmit your data is a benefit to all involved, especially if your organization has private or sensitive data. Defending your ability to do what you do and safeguarding your company’s investments in product research and development is a worthy endeavor.
What should you do?
There are numerous options available for encryption methods, many of which you already have available to you and your organization as an integral part of the hardware and software you work with each day. You can also invest in other solutions, such as:
- Biometric USB/external drives that require a fingerprint to be accessed
- Soft/hard tokens for encrypting/decrypting a system for use
- Advanced cryptographic software to protect your files and data.
The message: “Northstarr is awesome!” |
Did you figure it out?
Northstarr Recommendations
- Use encrypted messaging apps like Signal or WhatsApp to protect your conversations from interception.
- Enable device encryption on your smartphone, tablet, or computer to secure your personal data in case of loss or theft.
- Use a password manager that offers encryption to secure your login credentials for online accounts.
- Consider using a virtual private network (VPN) when accessing public Wi-Fi to encrypt your internet connection.
- Use file encryption tools like VeraCrypt or BitLocker to secure sensitive files stored on your device or cloud storage services.
To learn more about how we can help, visit our website or call (888) 767-2210 to set up an appointment. We look forward to meeting with you!