
Encryption: How It Works And What Should Be Encrypted

Encryption is the conversion of data into a coded form that only people with the password (decryption key) can read. Encrypted data is known as ciphertext and unencrypted data is known as plaintext. Encrypting and decrypting data is known as cryptography.

The reason for encrypting data is to protect confidential digital information that is stored on a computer and transferred via the internet or other networks.

Although encrypted data may seem random, it actually follows a set of rules. Data is encrypted using a formula called an encryption algorithm (or cipher) and an encryption key. The result is ciphertext, which can only be read with the correct key.

Before data can be encrypted, it is important to choose the cipher that best suits the information you want to encode, and then to choose the variable to use as a key, which makes the message unique. There are two main types of data encryption: asymmetric (public-key encryption) and symmetric.

Asymmetric encryption

This type of cipher usually uses prime numbers to create keys. The most popular public-key algorithm is the Rivest-Shamir-Adleman (RSA) encryption algorithm. With RSA, the public and private keys are used to encrypt and decrypt information.
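How a key pair comes out of two prime numbers, as an added example that is not part of the original article: textbook RSA in Python, using two deliberately tiny primes (61 and 53, chosen here for illustration). It leaves out the randomized padding and the key sizes that real RSA needs, so it is for understanding only.

```python
# Textbook RSA with tiny primes, for illustration only.
# Real deployments use primes of 1024 bits or more and randomized
# padding (OAEP) from a vetted cryptographic library.
from math import gcd


def make_keypair(p, q, e=17):
    """Derive a (public, private) key pair from two primes p and q."""
    n = p * q                   # modulus, part of both keys
    phi = (p - 1) * (q - 1)     # easy to compute only if p and q are known
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)*(q-1)")
    d = pow(e, -1, phi)         # private exponent: inverse of e modulo phi
    return (n, e), (n, d)


def encrypt(public_key, m):
    """Encrypt an integer 0 <= m < n with the public key."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(private_key, c):
    """Recover the integer message with the private key."""
    n, d = private_key
    return pow(c, d, n)


def encrypt_text(public_key, text):
    # One block per byte keeps the demo simple. Without padding, equal
    # bytes give equal blocks, which leaks patterns in the plaintext.
    return [encrypt(public_key, b) for b in text.encode("utf-8")]


def decrypt_text(private_key, blocks):
    return bytes(decrypt(private_key, c) for c in blocks).decode("utf-8")


if __name__ == "__main__":
    public, private = make_keypair(61, 53)      # constructed sample primes
    blocks = encrypt_text(public, "PII")
    print("public key :", public)
    print("ciphertext :", blocks)
    print("decrypted  :", decrypt_text(private, blocks))
    _, other_private = make_keypair(61, 59)     # a different key pair
    print("wrong key  :", [decrypt(other_private, c) for c in blocks])
```

The two identical ciphertext blocks for the repeated letter show why production RSA always adds random padding before encrypting.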


Symmetric encryption

Symmetric key encryption is faster than asymmetric encryption. Advanced Encryption Standard (AES) is the most popular symmetric key cipher. Whoever does the encryption must share the secret key with whoever is authorised to decrypt the message. This is why it’s also known as shared-secret encryption.


Types of data you should encrypt

There are two types of data that are important to encrypt: personally identifiable information (PII) and confidential business intellectual property.

Personally identifiable information consists of any personal information someone can use to identify you. Your driver's license and National Insurance number are important information that hackers may use to steal your identity and potentially apply for credit cards in your name. Phones, laptops and tablets may contain PII, and therefore they should be strongly encrypted.

Confidential business intellectual property is valuable data your business has acquired. Your employees most likely access a significant amount of data on your customers, and your competitors can benefit from knowing their names. Encryption may not be possible for all data, but there should be priorities.

Customer information: Protecting customer information should be a top priority, especially in the healthcare and banking industries. The General Data Protection Regulation (GDPR) is an EU law that protects customers' data and their privacy. Their personal data can’t be transferred outside the EU and EEA. Although encryption isn’t mandatory under the GDPR, it’s still smart to consider. The reputation of your company can be at risk if data such as this is leaked.

Financial reports: A lot of companies usually keep this sort of information private. It’s smart to store these reports in a secure location with encryption, whilst limiting access to only the people who need it.

Any files with sensitive data: Each company has its own idea of what counts as valuable information. Encrypting legal documents and employee emails should be considered.

If this information was leaked to the public, would it damage the company’s reputation or harm your employees? If yes, then it should be encrypted!
