NIC IT Partner - Security lock on computer

Everything You Need To Know About Encryption

Cyber-crime has increased at an alarming rate over the past few years. According to MacAfee, cyber-attacks cost companies $300 Billion to $1 trillion annually. In light of the increasing cyber-attacks, more organizations are making efforts to encrypt their traffic. Sandvine estimates that in 2016, 37.5% of the North American fixed access traffic is encrypted as against 29.1% in 2015. The cyber security market is also expected to increase to $170 billion by 2020.

What is Encryption?

In simplest terms, encryption is the process of modifying your data so that it can be protected from unauthorized access. A common misconception I encounter in this regard is that encryption is just limited to a group of cryptographers. This is not true. In fact, we all come across encryption in some form or another, on a regular basis. For instance, when you proceed to the Check Out page on Amazon, the web page is encrypted to protect your card credentials from being stolen/misused. The email you send is encrypted so that only the recipient can read it. Even when you protect a folder on your computer with a password, it is a mechanism of encryption.

How does Encryption work?

At its core, encryption works pretty much as the decoder rings which kids play with. You have a message, and you encode it with a cipher. Only a person who has access to this cipher will be able to decode the message. This is a very simplified explanation of the functioning of encryption. The data on our computers and the Internet is encrypted with more complex scrambling techniques.

Once data is encrypted, anyone who wants access to the data must have an encryption key to convert it into a readable form. This process of unscrambling data with the help of encryption key into a readable and usable form is called decryption. In many cases, you might not be the only one having the encryption key. For a company that is providing you access to an encrypted product, they most likely keep a copy of the key with themselves and therefore have access to the encrypted data.

For communication platforms, “end-to-end encryption” offers the highest possible network security. If messages are end-to-end encrypted, only the participants are provided access to the key. Not even the communication platform can access the data exchanged.

When is encryption used?

Broadly speaking, data encryption can be divided into two categories – when data is “in transit” and when it is “at rest”. When you are sending your data to a recipient, you encrypt it in order to protect the data from unauthorized access as the data is no longer restricted to your device. Encrypting data “at rest” includes protecting the data on your removable and non-removable storage media. You can either encrypt a selected group of files which you think are the most confidential or you can encrypt your entire drive, though this decreases chances of retrieving data if your drive is corrupted.

virtualization with managed service provider

Where is Encryption used?

Internet Browsers:
HTTPS encryption is the most widely used by browsers. You must have noticed web pages starting with an “https” before the site name or a green colored lock icon beside the URL. This denotes that the website is using the HTTPS encryption to protect the information you enter and exchange with the web page. This encryption is often found in online payment pages and social media sites so as to protect your credit card information and your passwords from cyber threats.

E-mail:
HTTPS encryption, however, does not protect your emails from your email service provider. If you want to thoroughly protect your email data you can choose one of many third party software providers that are nowadays available in the market to secure your data. The email-service provider although,  will always have access to the metadata of your e-mail such as the sender’s and the recipient’s email address, time and subject of the email, and size of any attachments.

Computers and Hard Drives:
You can either encrypt some of your folders or your entire drive. Whenever anyone tries to open the protected files, they are prompted for an encryption key or the password.

Smartphones:
Not surprisingly device encryption is available for many smartphones because most of our personal data is stored on our smartphones. The latest version of iOS offers encryption by default to protect your files. You can simply set up a passcode to encrypt the iPhone. Android devices, however, have been lagging behind in this aspect. The latest devices, supporting Android 6.0 Marshmallow will support full device encryption. There has been no confirmed news from Google for devices running Android 5.0 or lower. Many smartphone apps use encrypted connections and some communication apps use end-to-end encryption too. Even the famous mobile web browsers have started using HTTPS encryption.

cyber security skills and InfoSec training with NIC

Is Encryption impenetrable?

If coded properly and implemented correctly, encryption can be very effective in protecting your data from potential cyber threats. The machines that are used to encrypt data must have updated software and free of any bugs so that the hackers cannot use any loopholes to gain access to your data. A poorly implemented encryption can prove detrimental to your organization.

To summarize, encryption is a method used to hide your data from prying eyes by modifying it into unreadable text. This scrambled text can only be converted into meaningful data through a cipher, which the owner of the data owns. In the wake of increasing reports of cybercrime, companies are investing more in their network security and cyber security, and more data is getting encrypted. Applications of encryption in day-to-day life can be found in our desktop and mobile browsers on specific web pages, in communication messaging applications, in our password-protected folders on the desktop/laptop and even in our smartphones. Encryption is never guaranteed to be impenetrable, but if done by experts in this field, can be very effective in protecting your data.

As the industry grows more dependent on cloud-based solutions, which are more susceptible to such threats, your company needs experts so that you can focus more on your business and less on securing your IT infrastructure. At NIC, we specialize in managed IT services, disaster recovery protocols, and cyber security. We have highly trained experts in cyber security who employ proactive measures to help you stay a step ahead of all the cyber threats. They also train your team on daily awareness and to be in compliance with the frequently changing regulations.

As an experienced managed IT service provider based in Los Angeles, we help numerous companies to deal with the cyber threats. Get in touch with us today to assess your firm’s cyber security preparedness and implement our expert strategies to overcome these shortcomings.