What is “Encryption”?

You’ve probably heard the term loosely thrown around by media and IT professionals, but what does it really mean? Simply put: it hides things [data] that you don’t want other people to see without authorization. For example, when you make a purchase online from a retailer such as Amazon or Walmart, the connection between your browser and their servers is encrypted through the use of an SSL certificate (the HTTPS and the little green lock icon). This significantly helps prevent attackers from stealing your information while it’s being transmitted (although you must make sure that the website you’re browsing is the legitimate website!).

Or, for a local example: you use a password to log into your computer, or you lock a document with a password.

Obviously these are 2 different levels, and even types, of encryption, but it’s important to differentiate between them and to understand what steps you can, and should, take to protect yourself and your data.


Sounds pretty difficult – Should I really encrypt my stuff?

Absolutely! Even if you’re not willing to share some personal secrets, there is always the chance that somebody could find them out in the open. Let’s get 1 thing clear first: simply putting a password on your Windows account is nowhere near enough, considering how ridiculously easy it is to circumvent [1] (it’s even easier on OSX [2]). You don’t have to memorize what each type of encryption is and does, but understanding your options will help you not just assess your threat level, but also build a solid plan to keep you and your data safer. Bear in mind, there is no such thing as perfect security.

Ok, so I have stuff that I should encrypt. What are my options?

This is a pretty broad spectrum, but it essentially boils down to 4 main categories:

  1. Local
    1. File Level
    2. Partition/Hard Drive Level
  2. Online
    1. File Level
    2. Server Level

This also depends on the level of encryption you want to employ for the file/structure you want to protect.

For example: John wants to encrypt the work documents that he stores under ‘My Documents’ on his Windows laptop. In this case, he would look into local file level encryption to protect these documents, such as AxCrypt [3] or Windows’ own BitLocker [4]. John would also like to store pictures and photos online to share with friends and family. For that, he would look for a secure cloud storage website (online file level), such as Sync [5] or Microsoft’s own OneDrive [6].

Another example: Alan carries a work tablet that has direct access to company emails, networks, and documents. The best solution for Alan would be to encrypt the entire partition/hard drive (storage) of the tablet in case it gets lost or stolen. This way, before the device will even boot into the normal OS, it requires a heavily encrypted key or password. Without that initial key, it becomes extremely difficult to get access to any data on that tablet.

Final example: Darren is setting up a website on which he plans to sell products as an online store. Since this website will allow customers to enter their billing and credit card information, Darren must set up encryption so he can protect the data being sent through the website. Darren purchases an SSL certificate from a reputable vendor and installs it on the server hosting the website. Darren can now safely sell his products to his customers, knowing that the traffic going through the website is being encrypted.

There are many different scenarios in which offline (local) and/or online encryption is required, and you’ll need to assess each one and develop a strategy to keep you and your data safe.
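To make the file level option concrete, here is what locking a document with a password involves under the hood, using the AES 256 cipher named in the chart at the end of this article. This is an added example, not code from the original article or from any product it mentions; the function names and the salt/nonce/tag/ciphertext layout are assumptions made for the illustration.

```javascript
// Added example: password-based file-level encryption with AES-256-GCM (Node.js).
// Assumed container layout for this sketch: salt | nonce | auth tag | ciphertext.
const nodeCrypto = require("node:crypto");

const SALT_LEN = 16;
const NONCE_LEN = 12;
const TAG_LEN = 16;
const HEADER_LEN = SALT_LEN + NONCE_LEN + TAG_LEN;

// Stretch the password into a 256-bit key. scrypt makes every guess slow and
// memory-hungry, which is what protects a stolen file from password guessing.
function deriveKey(password, salt) {
  const cost = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
  return nodeCrypto.scryptSync(password, salt, 32, cost);
}

// Returns one Buffer holding everything needed to decrypt except the password.
function encryptDocument(plaintext, password) {
  const salt = nodeCrypto.randomBytes(SALT_LEN);   // fresh per file
  const nonce = nodeCrypto.randomBytes(NONCE_LEN); // never reused with a key
  const key = deriveKey(password, salt);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([salt, nonce, cipher.getAuthTag(), body]);
}

// Returns the plaintext Buffer, or null when the password is wrong or the
// container was modified (GCM authenticates as well as hides the data).
function decryptDocument(container, password) {
  if (container.length < HEADER_LEN) return null;
  const salt = container.subarray(0, SALT_LEN);
  const nonce = container.subarray(SALT_LEN, SALT_LEN + NONCE_LEN);
  const tag = container.subarray(SALT_LEN + NONCE_LEN, HEADER_LEN);
  const body = container.subarray(HEADER_LEN);
  const key = deriveKey(password, salt);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, nonce);
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(body), decipher.final()]);
  } catch {
    return null; // authentication failed: wrong password or tampered file
  }
}
```

The strength of the result still depends on the password: the key stretching only slows guessing down, it does not rescue a weak password.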

Once I get the software licenses that I need, I just set it and forget it?

This is a huge misconception. Just because there is anti-virus software installed on your computer, or you have a clever password, does not mean you can let your guard down. While the software itself may be doing its job to help prevent attacks, you must be vigilant in your daily usage of your devices to keep such disasters from occurring. This means you must actively monitor your networks and data transfers (the more valuable the data*, the more vigilant you must be), keep all of your software and devices up to date with the latest builds**, and it doesn’t hurt to look into technology news about the latest and greatest ideas, protection, and of course, software and techniques (best practices) [7].

Even with all of the great advances in technology that help keep your connections and data safe, it’s becoming a clear trend [8] that a lot of security breaches come from end users not being vigilant.

*       Network passwords, company confidential documents, and client billing information are all considered mission critical/high impact, meaning they are very valuable to hackers, who can steal them and sell them at a very high premium.

**     It’s always a good idea to test out the latest builds of certain software on devices like servers before implementation, to make sure that the technologies in use do not conflict with the security and bug patches of your current infrastructure. Contact your local IT department for more information on their upgrade/update policies.

What else do I need to do?

The absolute best thing you can do is keep work and personal items separate by every means possible. This includes, but is not limited to, passwords, programs, devices, etc. If this is not possible, the next best thing is to investigate the different programs and techniques best suited to what you need (a chart at the end of this article will help you with that).

The main focus, after all of your protocols have been established, is to make sure that the data you’re working with is legitimate and protected; this includes websites and applications. One of the current trends for stealing information from the typical user is “Phishing”, most notably via email.

Phishing is an authentic-looking email with the real organization’s logo, in an attempt to steal passwords, financial or personal information, or introduce a virus attack; also can be the creation of a Web site replica for fooling unsuspecting Internet users into submitting personal or financial information or passwords [9].
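Spotting a replica site, and following the earlier advice to make sure you are on the legitimate website, comes down to reading the host name in the link rather than trusting how the page or email looks. The check below is an added example, not part of the original article; `checkLink` and the `shop.example` / `.test` addresses are hypothetical names constructed for the illustration.

```javascript
// Added example: does this link really lead to the site it claims to be?
// expectedDomain is the site the user believes they are visiting (assumed
// to be a plain ASCII domain such as "shop.example").
function checkLink(link, expectedDomain) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return { ok: false, reason: "not a valid URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "connection is not encrypted (no HTTPS)" };
  }
  if (url.username || url.password) {
    // In "https://shop.example@other.test/" the real host is other.test.
    return { ok: false, reason: "text before '@' is not the site name" };
  }
  // The URL parser lower-cases the host and converts non-ASCII letters to
  // their "xn--" (punycode) form, so visually similar letters become visible.
  const host = url.hostname.replace(/\.$/, "");
  const expected = expectedDomain.toLowerCase();
  if (host === expected || host.endsWith("." + expected)) {
    return { ok: true, reason: "host belongs to " + expected };
  }
  const lookAlike = host.split(".").some((label) => label.startsWith("xn--"));
  return {
    ok: false,
    reason: lookAlike
      ? "host uses look-alike characters: " + host
      : "host " + host + " is not part of " + expected,
  };
}
```

A passing check only says the link points at the expected domain over HTTPS; the lock icon on its own says nothing about who runs the site.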

Another way information can be stolen is through software called “Ransomware”. This is when a user accesses content that was infected with a virus/downloadable executable that simply scans the user’s computer, differentiates the type of data, and encrypts the files holding your data for ransom. There have been very recent high-profile cases of this as well [10].

So how can you make sure that you’re utilizing your resources in a safe and effective manner? Use the following chart to help you decide what would work best for your scenario.

Typical Security: Standard group policy and/or deployment for everyday use

  • Anti-Virus
  • BitLocker/Password on some files and folders
  • Strong Passwords
  • Adblock plugin on browsers

Moderate Security: For persons with mid-level access to documents/devices (including servers)

  • Anti-Virus
  • Anti-Malware
  • BitLocker on many files/folders
  • Strong Passwords/2 Factor Authentication
  • Adblock + Script Blacklisting on browsers
  • VPN (For connecting to servers and other infrastructure)

High Security: For persons with upper access to documents/devices/networks of high value

  • Anti-Virus
  • Anti-Malware
  • AES 256 Encryption on partition and/or hard drive and other storage devices
  • Strong Passwords/2 Factor Authentication
  • Adblock + Script Blacklisting + Session Tracking OFF + Proxy on network and browsers
  • VPN (for connecting to major infrastructure)
  • Installed separate OS for regular usage

Whatever route you decide to take, it may take a little bit of time and research to get everything together, but in the long run, you and your data will be much safer in your daily activities.
