Encryption

Encryption is one of those things that we are constantly being told we should use to improve our security, but that most people do not understand and that has, in many cases, been difficult to understand and not very friendly to use.

Encryption is the scrambling of data to make it unreadable without the appropriate software. Although we often don’t realise it, we use it every day in email services, on-line banking and some messaging applications.

Why do we need it? In simple terms it is one of the measures that we can use to protect our information, whether it is being stored or transmitted. Every time you use the internet you are probably using it, although the process is, for the most part, transparent. When you connect to a web site, particularly if you are entering sensitive information, you should make sure that the URL (the address of the web site at the top of the browser) starts with HTTPS rather than HTTP and that there is a little lock icon on the top bar of the browser. This indicates that the information that is being sent is encrypted and makes it more difficult for someone to intercept. It isn’t fool proof, but it is the very basic level of protection.

There are a whole range of uses for encryption in the modern home or office environment that can be used to protect your information. For example, it can be used to protect the data that is stored on your computers or mobile devices. This will prevent anyone who is not unauthorised from being able to read the data. In the current environment when an unauthorised access to your system, by either a hacker or an insider is inevitable – it is just a matter of time, then encryption will prevent them from stealing, copying or changing your data. Encryption systems can be in a number of forms. Some will encrypt the entire computer hard disk so that you need to enter a password when you start up the computer. Others will encrypt either parts of the disk or individual files. The choice of which one to use will depend on your organisation.

Some of these encryption systems come with the computer operating system, for example all versions of Windows since Vista now comes with the Bitlocker system, which is a disk encryption system and Apple systems come with Filevault, which performs the same function. Other encryption systems can be downloaded for free or purchased from security vendors. Some examples of free encryption software include:

• CipherShed (which replaced TrueCrypt and which can encrypt disk partitions and files).
• DiskCryptor (which can encrypt disk partitions).

Another use for encryption is to protect the passwords that you need to have to access the whole range of other computers and websites that you need to use to do your daily business. Using a password vault saves you from having to remember (or write down) all of the passwords that you need to use in your day to day life and allows you to create stronger passwords.  By using a password vault, you then only have to remember the one password to access the vault and all of the other passwords that you use are stored in an encrypted form inside the vault. There are now a range of password protection systems available, some of them free, and they are now easy to install and use. Examples of the free applications include:

• Dashlane.
• Sticky Password.

Depending on the size and requirements of your organisation you may need to purchase a system that will offer you a higher level of protection or more functionality.

Encryption used to be very difficult and time consuming to use and maintain, and in more secure systems it may still be, but for the average individual or small business, it has become much easier and the software packages these days are much more intuitive to use and better designed.

Increasingly, encryption is becoming an essential tool to protect your information and with legislation such as the European General Data Protection Regulation (GDPR), which came into force in the UK from 25 May 2018, and which requires organisations to 'processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.' The penalties for failing to take adequate measures to protect the data that you hold increased dramatically with the introduction of GDPR and with an upper limit of €20 million or 4% or annual global turnover – whichever is higher. That could be devastating for any organisation.

With the increasing levels of identity theft and hacking of corporate systems, the use of encryption as one of the measures that you use to protect the data that you hold is increasing becoming essential. While no protective measure is perfect and can guarantee that you will not have a data loss, the use of encryption, together with the other security measures that you will be using will make life much more difficult for any.