We know encryption is the bees' knees, that's why we've been coming up with ways to encrypt messages since the time of ancient Greeks. But do our coworkers and family members understand what it means to
use encryption in today's technology landscape, if they're using encryption at all?
In layman's terms, encryption is about putting data inside a virtual safe and locking it with a key that only you have. In terms of communication, there are a series of locks and keys passed back and forth to turn your data into gibberish which can only be understood by the parties with the keys.
Encryption is not just a conversation of security for sensitive data; it's a conversation of personal privacy. It's used by the good guys and the bad guys. Through support or opposition, every individual picks a side whether we deserve the privacy encryption provides or not. Consider the turmoil of the past year in relation to government authorities having some kind of master key or back-door to common encrypted devices like iPhones. To sacrifice the privacy of the bad guys, we also have to sacrifice the privacy of the good guys (which is you, hopefully). I'll let you decide what's best there, but for today, let's remember the benefits encryption brings and consider some new tricks out there which encryption is the only defense against.
Encryption for the everyday user can be lauded for two primary forms of protection. First, encryption on PCs protects your data from unauthorized access by someone who can physically access your machine. Second, encryption of Internet traffic protects your data from unauthorized access by someone who can intercept data you send across a wireless network.
Encryption should not be the first and only defense in your layered security program. Some protection prior to encryption are common sense, such as not leaving your laptop in an airport or restaurant and not allowing nefarious characters into your back office. But let's say those didn't pan for you and someone is sitting at your workstation or has lifted your laptop. Then what? Then encryption. Specifically, whole disk encryption. Have you heard of the Password Reset Key 2 (available on Amazon for just $19.95)? This tool was designed to be used for good to help people get into their computers when they get locked out. But you can image it to be be used for bad too and unlock computers that are not your own. With just a few simple steps using this device, you can fully access any PC not using whole disk encryption. Fantastic. So your options are to either encrypt your sensitive files, or (better yet) utilize whole disk encryption like BitLocker. With whole disk encryption, an attacker can't even boot the system without the key only you hold.
Encryption should be a given when communicating over wireless service and in a lot of cases, it is. Many websites which request sensitive data use the HTTPS (HTTP over SSL) encryption standard. You can also know if a website uses encryption by checking for a little lock icon in your browser's address bar. This kind of encryption means your device and the server do a special handshake involving an exchange of keys and certificates to verify a secure connection where all transmitted data is encrypted. Encryption is especially important in this scenario because it's nearly impossible to ensure nobody is intercepting the data you send: data via email, bank applications, and various messages. If we're using encryption, intercepted data is useless because it can't be read.
There's a neat little tool I recently learned about called the Pineapple: https://www.wifipineapple.com/. It's described as a penetration testing tool, but you can imagine it can be used for evil as well. The Pineapple is a simple tool used to masquerade as a secure wireless access point. You could sit in Starbucks and think you're connected to their Wi-Fi when it's really spoofed access to the Pineapple. This may be conspiracy talk, but perhaps someone truly is always watching and listening. This is why encrypting communication is so important. NEVER send sensitive data while on an unfamiliar Wi-Fi network through an unsecure channel.
Gaining access to data is becoming easier every day. These two tools
are a great example of that. So, please use your encryption options. Encryption is one of the best ways to achieve data security and one of the last resources available to protect your data when it ends up in the wrong hands.
Leticia Saiid is a Security+ certified Tandem Software Support specialist for CoNetrix. CoNetrix offers a variety of security and technology services including computer network design, penetration testing, and the Tandem Information Security software suite. Visit our website at www.CoNetrix.com or email info@CoNetrix.com.