What is Encryption?
If you run a business and have done some research on how to keep your data secure, you have probably come across the word “encryption” numerous times before. But what does this “encryption” mean? What exactly does it do, how does it work, how is it implemented and why does it matter?
Put simply, encryption is an umbrella term for any mathematical algorithm that makes your company’s data look like complete gibberish to anyone who is not authorised to look at or access it. This is why it is so important: without encryption, sensitive information about your employees, as well as your company’s infrastructure, would be freely available to cybercriminals! They wouldn’t even need to use a password!
Encryption is achieved through an encryption standard, which consists of these two things:
1. Mathematical algorithms (this is what encrypts the data)
2. Cryptographic keys (a secret password used to encrypt and decrypt information)
There are lots of different encryption standards in the world, but the basics remain the same.
Let’s say you want to send a message to a friend that says “Bob, stop trying to make fetch happen”. However, instead of sending it off in plain English, you want to make sure that only the recipient can tell what it means. This concept is at the very core of encryption.
How does it work?
Encryption works by taking “plaintext”, which is text in plain English, and converting it into “ciphertext”. This is a process that uses a spicy combination of mathematical algorithms and cryptographic keys.
There are two methods of encryption: symmetric and asymmetric encryption. Asymmetric encryption uses a “public key” as well as a “private key”. All information is encrypted through both keys; however, only the private key can be used to decrypt it (hence the name; it should be exchanged privately).
In contrast, symmetric encryption uses the same key to encrypt and decrypt information. It also runs faster than asymmetric cryptography as the key length is shorter, making it more convenient; however, it is not as secure as its asymmetric counterpart.
At the start of this blog is a visual aid of how asymmetric encryption (also known as public-key encryption or public-key cryptography) works. Notice how both keys are mathematically linked. This is to make sure that your average everyday person can’t just come up with a random private key and decrypt the message.
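The link between the two keys can be seen in a toy version of RSA. The Python below is an added example, not code from the original post: it encrypts the sample message with the public key, recovers it with the matching private key, and shows that a guessed private key produces only garbage. It assumes fixed, publicly known primes and no padding so the run is reproducible, which makes it unsuitable for protecting real data.

```python
# Toy textbook RSA (added example; NOT secure: known primes, no padding).
import secrets

# Two well-known Mersenne primes, chosen so the demo is reproducible.
# Real keys use secret random primes (2048-bit modulus or larger).
P = 2**521 - 1
Q = 2**607 - 1
E = 65537  # commonly used public exponent


def make_keypair(p=P, q=Q, e=E):
    """Return (public_key, private_key) as (exponent, modulus) pairs."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def encrypt(message: bytes, public_key) -> int:
    e, n = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)


def decrypt(ciphertext: int, private_key) -> bytes:
    d, n = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def demo():
    public, private = make_keypair()
    plaintext = b"Bob, stop trying to make fetch happen"
    ciphertext = encrypt(plaintext, public)
    recovered = decrypt(ciphertext, private)
    # A guessed private exponent is not mathematically linked to the public key.
    guess = (secrets.randbits(1000) | 1, public[1])
    wrong = decrypt(ciphertext, guess)
    return plaintext, ciphertext, recovered, wrong


if __name__ == "__main__":
    plaintext, ciphertext, recovered, wrong = demo()
    print("ciphertext:", hex(ciphertext)[:40], "...")
    print("right key :", recovered)
    print("wrong key :", wrong[:16].hex(), "...")
```

The private exponent `d` is computed from the same primes that make up the public modulus, which is why only the matching key undoes the encryption.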
How is it implemented?
“Okay, all of this is great”, I hear you say. “But how is it actually used and how often is it used?”
Good question! Encryption is actually used in our everyday lives and it can be found all over the place! Emails? Yep, Google uses an encryption protocol known as TLS! Websites? You betcha. Even databases! This whole process gets implemented into code, which makes it a lot easier for us because the public and private keys are all verified by the computer programs that run this code, meaning that we don’t have to worry about doing all that hard work!
Pretty much everything that you interact with online has some form of encryption standard implemented in the code! (Facebook being an exception to this rule..)
Beware of which standard you use…
As previously mentioned, there are many different encryption algorithms that can be used to protect your company’s data. Some of these standards are very robust; however, some of them can be outdated, so make sure to do your research first!
Some modern and robust encryption standards include but are not limited to:
• Advanced Encryption Standard (AES)
• RSA (with a minimum of 2048-bit keys)
• Twofish and Blowfish (symmetric-key encryption, a lot of e-commerce platforms use this)
• International Data Encryption Algorithm (IDEA)
There are some encryption standards, such as DES, that are no longer considered secure, so if you want your company secured in the best way possible, please make sure that the standard you are using is secure and up to date!
Another thing worth pointing out is the following, exemplified in a quote by a hacker known as Kevin Mitnick:
“Companies spend millions of dollars on firewalls, encryption, and secure access devices, and it’s money wasted because none of these measures address the weakest link in the security chain- the people who administer, operate, and account for computer systems that contain protected information.”
What Kevin is saying here is, no matter how secure your encryption standards are, you need to make sure that your employees know how to safely handle this information and who they should share it with! One slip-up can potentially cost you MILLIONS of dollars, so make sure to communicate clearly and make sure that everyone knows what they are doing.
Using strong encryption keys is also very important. Like I said before, it’s like a password, so the stronger it is, the harder it is for hackers to crack!
What we’ve learnt and what you can do
So, in conclusion, we’ve learnt that encryption is an umbrella term used for a mathematical algorithm that makes your company’s data look like nonsense to prying eyes. This is achieved by converting plaintext into ciphertext, which can be encrypted and decrypted through a set of keys (or just one key if you’re using symmetric encryption). Symmetric-key encryption is less secure than asymmetric-key encryption; however, it is faster and more convenient.
The encryption standard you use always makes a MASSIVE difference because it can mean the difference between getting your data stolen (which also implies a large cost in disaster recovery) or keeping it safe and secure.
You can know for certain that your company is using encryption in the safest and best way possible by implementing the following rules:
• Train your employees to ONLY share information with trusted sources
• Use STRONG encryption keys
• Use up-to-date encryption standards
• Communicate clearly and clarify (make sure everyone knows what they’re doing and work as a team!)
Thank you for reading this blog post and I hope I have helped you out in keeping your company’s data secure, locked away and safe from cyber-criminals.