Security should always be at the top of your priority list. If you’re not giving security the oxygen it requires, your business could suffer a data breach. Such security breaches can lead to the spread of private client/customer/employee information, company secrets, and credit card details.
You don’t want that.
To avoid such a reality, you and your IT staff go to great lengths to lock down your networks and servers. You might have even pieced together the absolute best security solution for your company, one that guarantees no hacker will ever be able to penetrate your network. Or so you think.
The truth of the matter is that hackers always seem to be one step ahead of your security. And when you have data tucked away in servers or being shared carelessly by employees, it’s not a matter of if but when that data is going to be compromised.
So, what can you do? Outside of locking down your network and servers, you can turn your focus to the data and how to best protect it. One sure-fire way of keeping that data out of prying eyes is using encryption.
What Is Encryption and How Does It Work?
There are two ways of looking at encryption:
• Protecting the data that exists on your drives.
• Protecting the data shared by your staff.
It’s important that you consider both of these options. Why? Because the two most common points of data compromise happen either when the data sits on your server or when your employees share it over the network.
But how does this work?
Symmetric-Key vs Asymmetric-Key Cryptography
There are two types of encryption you can use:
Symmetric-key cryptography uses the same secret key for encrypting and decrypting a file. The key used is a password or passphrase the encryption algorithm employs to encrypt and decrypt a file. If you share an encrypted file with another person, they must have the key to unlock it. Without the key, they can’t unlock it. This type of encryption is the most widely used for files that reside on servers and desktops.
Asymmetric-key cryptography uses two keys: a public key and a private key. The public key can be shared with anyone, but the private key must remain tucked away. With this method, you also use a passphrase (associated with the public key). This type of encryption is the most widely used for transmitting encrypted data via email.
File Encryption
First, let’s examine how encryption works for data on your server’s hard drives. This data can be employee or client information, your company’s proprietary Java, JavaScript, .NET, Python, or Ruby code, network documentation, or other sensitive company information.
By default, that data sits on your drives in plain text. That means anyone who has access to those drives can view the contents of the files. Even with permissions in place (which would normally prevent a user without access from viewing the documents), if a hacker gains access to the server, the data can be read. Once the data is read, it can be copied, extracted, and sold on the dark web (or other nefarious markets).
You can avoid this by encrypting that data (which, in its unencrypted form, is called “plaintext”). When doing that, an algorithm encodes a file using an encryption key, such that it can only be read by those who have the decryption key. When data is encrypted, it is known as “ciphertext.”
Without the decryption key, the ciphertext can’t be decrypted and is unreadable. So even if a hacker gains access to your server and pulls off encrypted data, they will then have to take the extra steps to decrypt it, which isn’t easy.
Make no mistake: that doesn’t mean ciphertext is unhackable. With the right tools and enough time, encrypted data can be decrypted. This is made even easier when the decryption key uses a weak password. That is why you should always use long and very complicated passwords for encryption keys. Instead of using a password like thisismydecryptionpassword (which is long, but based on common words), you’d use something like $UI@jk98!y$TuJ1@#%^rst1.
The passwords (or passphrases) that are used for encryption/decryption must be strong. Think about it this way: if you can easily memorize your decryption key password, it’s easily hacked. If, however, you don’t employ encryption on your more sensitive data, the possibility of it being stolen and used against you increases exponentially.
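To make the comparison between the two sample passphrases above concrete, here is an added example (not part of the original article) that estimates guessing effort under two models: character-by-character guessing and dictionary-word guessing. The mini-wordlist and the 20,000-word dictionary size are assumptions chosen for illustration.

```python
import math
import string

# Constructed mini-wordlist for this demo; a real checker loads a large common-word list.
COMMON_WORDS = {"this", "is", "my", "decryption", "password", "secret", "key", "file"}
ASSUMED_DICTIONARY_SIZE = 20_000  # assumption: words in a typical guessing dictionary

CHAR_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation)

def charset_bits(passphrase: str) -> float:
    """Upper bound: treats every character as an independent random pick."""
    pool = sum(len(cls) for cls in CHAR_CLASSES if any(c in cls for c in passphrase))
    return len(passphrase) * math.log2(pool) if pool else 0.0

def min_word_split(passphrase: str):
    """Fewest dictionary words that spell the whole passphrase, or None."""
    text = passphrase.lower()
    best = [0] + [None] * len(text)          # best[i] = fewest words covering text[:i]
    for end in range(1, len(text) + 1):
        for start in range(end):
            if best[start] is not None and text[start:end] in COMMON_WORDS:
                if best[end] is None or best[start] + 1 < best[end]:
                    best[end] = best[start] + 1
    return best[-1]

def estimated_bits(passphrase: str) -> float:
    """Take the cheaper of the two guessing models."""
    bits = charset_bits(passphrase)
    words = min_word_split(passphrase)
    if words is not None:
        bits = min(bits, words * math.log2(ASSUMED_DICTIONARY_SIZE))
    return bits

if __name__ == "__main__":
    for sample in ("thisismydecryptionpassword", "$UI@jk98!y$TuJ1@#%^rst1"):
        print(f"{sample!r}: ~{estimated_bits(sample):.0f} bits "
              f"(character-count bound: {charset_bits(sample):.0f})")
```

Length alone overstates the word-based passphrase: it splits into five common words, so the dictionary model is far cheaper than its character count suggests, while the random string has no such shortcut.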
For other employees to be able to access that data, you’d have to either share the decryption password (for symmetric encryption) or you’d have to encrypt the data using the public key of the recipient. For a recipient of an asymmetrically-encrypted file, they would have to have their public key (and the passphrase associated with that key) to decrypt the file.
Encrypting Data for Transmission
Now let’s consider encryption for data being shared via email. For this method of sharing encrypted data, you must employ asymmetric encryption. To do that, your senders must have the public key of the recipient.
This type of encryption does place a bit more work on the shoulders of the employee, but when they’re sending out sensitive data, it should be considered a must. Why? Because even if a hacker isn’t the recipient of the data, they could be snooping on your network, reading data packets as they come and go. If a hacker captures a packet containing sensitive data sent as plaintext, they can easily read it. If, however, that transmitted packet contains ciphertext, they’ll have a much harder time viewing the data within.
Transmitting encrypted data in this way also guarantees that those files can’t be read by the recipient unless they have the associated decryption key. So even if that recipient walks away from their computer and prying eyes snoop in their mailbox, they won’t be able to view the encrypted data.
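The following added example (not from the original article) shows encrypting data for a recipient using only their public key. It goes slightly beyond the text by combining both key types the way mail encryption tools typically do: a one-time symmetric key encrypts the data, and the recipient's public key encrypts that symmetric key. It assumes the third-party Python `cryptography` package; the function names and sample data are constructed for illustration.

```python
# Requires the third-party "cryptography" package (pip install cryptography).
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def make_recipient_keys(passphrase: bytes):
    """Recipient side: return (public PEM to hand out, passphrase-locked private PEM)."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=3072)
    public_pem = private_key.public_key().public_bytes(
        serialization.Encoding.PEM, serialization.PublicFormat.SubjectPublicKeyInfo)
    private_pem = private_key.private_bytes(
        serialization.Encoding.PEM, serialization.PrivateFormat.PKCS8,
        serialization.BestAvailableEncryption(passphrase))
    return public_pem, private_pem

def encrypt_for(public_pem: bytes, plaintext: bytes) -> dict:
    """Sender side: needs nothing but the recipient's public key."""
    file_key = AESGCM.generate_key(bit_length=256)      # one-time symmetric key
    nonce = os.urandom(12)
    ciphertext = AESGCM(file_key).encrypt(nonce, plaintext, None)
    wrapped_key = serialization.load_pem_public_key(public_pem).encrypt(file_key, OAEP)
    return {"wrapped_key": wrapped_key, "nonce": nonce, "ciphertext": ciphertext}

def decrypt_with(private_pem: bytes, passphrase: bytes, message: dict) -> bytes:
    """Recipient side: unlock the private key, unwrap the file key, decrypt."""
    private_key = serialization.load_pem_private_key(private_pem, password=passphrase)
    file_key = private_key.decrypt(message["wrapped_key"], OAEP)
    return AESGCM(file_key).decrypt(message["nonce"], message["ciphertext"], None)

def tamper_is_detected(private_pem: bytes, passphrase: bytes, message: dict) -> bool:
    """Flip one ciphertext bit; AES-GCM must refuse to decrypt the result."""
    flipped = bytes([message["ciphertext"][0] ^ 1]) + message["ciphertext"][1:]
    damaged = dict(message, ciphertext=flipped)
    try:
        decrypt_with(private_pem, passphrase, damaged)
    except InvalidTag:
        return True
    return False

if __name__ == "__main__":
    pub, priv = make_recipient_keys(b"constructed-demo-passphrase")
    msg = encrypt_for(pub, b"constructed sample: Q3 payroll export")
    print(decrypt_with(priv, b"constructed-demo-passphrase", msg))
    print("tampering detected:", tamper_is_detected(priv, b"constructed-demo-passphrase", msg))
```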
Can you see a pattern here? If you want to protect your data—be it on a server or email—from prying eyes, encryption becomes a necessity.
Conclusion
You should only need one reason to make use of this technology. That reason is data security. It doesn’t get any more important or any plainer than that. And because encryption can be added to your in-house applications, it should certainly be a part of your company’s considerations where cybersecurity comes into play.
Encryption is one of the easiest ways to help protect your data. It can be done inexpensively (even with free, open-source software), and won’t take your employees much time or effort to get up to speed with the technology. Use encryption wisely and it will serve you well.