What’s Encryption and Why Does it Matter?
Category
Cybersecurity Fundamentals
Risk Level
During World War II, Nazi Germany developed a tool called the “Enigma machine” that helped protect all commercial, diplomatic, and military communications. This tool prevented Allied forces from intercepting any communications sent by Nazi Germany so they could make strategic decisions that could end the war.
At a high level, the Enigma machine worked by mixing the 26 letters in the alphabet and assigning them to the alphabet in order (as seen in the example above). Unless you knew the method behind the “mixing,” you would not be able to crack the code. The process of breaking the code eventually led to the development of the first computer, as portrayed in the 2014 movie The Imitation Game.
While World War II is one of the more noteworthy stories of encryption, examples of encryption have been discovered going back thousands of years. Today, encryption impacts everyone in two ways: encryption at rest, and encryption in transit.
“Encryption at what now?”
If you use the Internet, or any device connected to the internet, encryption is extremely important. Encryption is the process of converting information into a code, especially to prevent unauthorized access. What does this mean for you? It means that hackers can’t see or steal your information. We won’t dive into how encryption works specifically, but you usually interact with encryption through the use of a password or a certificate.
“Ok, so tell me a little about these two types of encryption”
INFORMATION AT REST
Information at rest is when your information is sitting still. This could be a word document on your computer, CAD drawings on a server, or pictures on your phone. The information could be changing, like you adding pictures to a PowerPoint presentation, but the information isn’t moving anywhere else except the IT device it’s sitting on. That leads to…
INFORMATION IN TRANSIT
As soon as your information starts moving somewhere else, it’s in transit. This could be you pulling up a file on your office server, accessing a website on the Internet, sending an email, sending a text message, or playing a game on your phone. Your information is shooting out across wires, whether a short distance at your office or home, or across the globe.
ENCRYPTION IN TRANSIT AND AT REST
In order to keep your information safe while it’s at rest and in transit, it must be encrypted. This prevents hackers from stealing your information as it moves across the Internet, or while you’re browsing on your phone while connected to your favorite coffeehouse Wi-Fi. It also means that if someone steals your computer, phone, or any other IT device, that they won’t be able to access your information, like your credit card numbers, bank accounts, pictures of your kids, or telephone numbers of your friends and family.
“So how do I encrypt in transit and at rest?”
IN TRANSIT
You’ll most likely experience your information in transit when you are connected to the Internet. Luckily, whether you are at home, work, or at the library, most Internet browsers make it easy for you to know if your information is encrypted in transit: that little lock on the URL bar. The lock means that your information is safe and secure while moving in transit. You should note though, the lock DOES NOT mean the website is safe. Many bad websites will encrypt your information in transit to make you think the website is safe, but don’t be fooled!
Unfortunately, many apps on your phone won’t tell you if your information is encrypted in transit or not. Remember to only use apps from well known companies, and skip the sketchy ones.
The big caveats here: emails, text messages, and phone calls. The code that powers these tools is old, and was never meant to be secure. As a result, you should avoid using these to send secure information to another person.
If you have to use them, you can use additional tools to make them more secure. For email, you can use Office to encrypt your document before attaching it to your email. The same can be done for PDFs. If you are using another messaging tool on your IT device, like iMessage, Facebook messenger, or WhatsApp, these tools encrypt your messages in transit, and are safer to use (sorry green texters!). And finally, if you need to make a secure phone call, many of the same tools listed before have secure calling features built right in as well!
AT REST
To keep your information safe at rest, you’ll need to encrypt your IT devices. There are different methods for each type of IT device, and we’ve listed some of the major ones below. But if you don’t see yours, you can always search online for your device name and “encryption” and there are tons of guides. Some of the top ones:
Windows 10 (remember, you shouldn’t be using Windows 7 any more!):
MacOS:
Android
iOS
“What about at my work?”
The organization you work for hopefully has put encryption requirements in place. For example, when you linked up your work email on your phone, your organization may have required you to change your passcode to a longer one to unlock your phone. Or when you unlock your laptop, it may take a minute longer to login everyday because it needs to decrypt your information at rest on it. Or maybe you can’t access a certain folder on a server because it’s password protected and encrypted. Or maybe your company’s website has the little lock symbol in the URL bar.
If you don’t see these things at work, or you know that your organization has had a problem in the past with hackers, let’s talk today about our Vulnerability Assessment. This is our introductory cybersecurity assessment to see where your organization may be at risk. We’ll show you how to fix things and keep you doing what you do best. If this sounds like you, click the button below to start the conversation.