Encryption - The Fine Art of Keeping Data Secret - The First Global Cyber Security Observatory

Encryption - The Fine Art of Keeping Data Secret

Author: Andrea Pfundmeier, CEO and Founder, Secomba GmbH | Boxcryptor

Transmit Secret Messages Securely

Encryption - The Fine Art of Keeping Data Secret - “There is information that should reach as many people as somehow possible. And then there is information that can have serious consequences if it reaches the public.”

For this very reason, already hundreds of years ago, messages were written in secret script so that their true content would not fall into the wrong hands. Because every time the wrong people got hold of the information, they were able to gain an advantage over their opponents, could blackmail people, or even won the decisive battle.

By using a code that is known only to the sender and the receiver, an attempt is made to encrypt a message in such a way that only those who know the secret code (the key to the information) can read the content. The stronger the code, the more likely that the content will remain a secret. Over the years, the struggle between code developers and code breakers has resulted in stronger and stronger methods of encrypting data in a way that sensitive information really remains a secret.

Encryption – Current Status and Benefits

Cryptography is the science of information security. The aim is to create information systems that are resistant to manipulation and protected against unauthorized access. An important aspect of this is encryption. Nowadays, private persons and companies all over the world encrypt their communication as well as their files and thus increase protection against espionage and data theft.

“Encryption is an effective way to keep secrets and make sure you are the only one who has the key to your data.”

Preserving privacy with encryption: For private individuals, the key benefit of encryption is that they can protect their online privacy and ensure the confidentiality of the data. By encrypting private communication, photos, or important documents, they make sure they are the only ones who have access to it.

Ensure data security with encryption: Encryption is becoming a popular way to protect company data. As recently as 2005, only about 15% of US companies surveyed by the Ponemon Institute had an encryption strategy. In 2020, that figure was up to 48%, with payment, financial, and personnel records the top choices for encryption. Still, it leaves the data at more than half of firms exposed and potentially unprotected. (Source: https://www.csoonline.com/article/3605033/3-top-enterprise-file-encryption-programs-compared.html)

Data protection incidents often remain undetected for a long time. If the data has been encrypted in advance, even if the attackers have taken possession of the data, they cannot see it in plain text until they have the key to decrypt the files. Therefore, file encryption helps companies to ensure secure collaboration on sensitive business files. It is one of the safest ways for companies and organizations to transmit and store data.

Comply with privacy and data protection laws using encryption: When it comes to data protection and privacy regulations all over the world, encryption is recommended to protect sensitive, personal data.

Companies that need to comply with legal and industry restrictions can ensure compliance by using encryption. For example, the Brazil Lei Geral de Proteção de Dados (LGPD) requires that companies must implement administrative and technical data security measures to secure personal information from data theft, unauthorized access, accidents, and other issues.

With encryption, companies have one more layer of protection — even if their storage provider already offers good security measures. Only authorized persons are allowed to open the file and see the information in plain text. People who are not authorized to see the files and do not have the key to decrypt it only see scrambled data.

PLATINUM

Innovators

Things To Look Out for When Encrypting Files

As mentioned earlier, it is crucial for the secrecy of the message that the code used to encrypt the message is as strong as possible. Today, there are different cryptographic algorithms like AES (Advanced Encryption Standard) as an example of symmetric encryption, and RSA, which is asymmetric encryption. If someone tries to break, for example, state-of-the-art AES 256-bit encryption symmetric keys with Brute Force, it will take 13.8 billion years to crack — at a rough guess. (Source: https://www.purevpn.com/features/256-bit-encryption)

It is very important that the owner of the data does not let the key out of his or her hands. This way they can ensure that only he or she has access to the information in plain text. Furthermore, data should always be encrypted “in transfer” e.g., when it is uploaded to a cloud storage or send to a colleague as well as “at rest” when it is stored in the cloud, on NAS, or file server.

However, even with encryption, there are differences and different approaches to look out for. We strongly recommend end-to-end encryption with zero knowledge standard.

End-to-end encryption means that files are encrypted on the user’s device before they are sent to the cloud provider as well as any other place you want to store them, e.g. USB, file server, NAS. Zero knowledge means that only the user knows the password, only he or she has the key to decrypt the data. If commercial software is used for encryption, even the encryption provider can see neither the data itself nor the key.

End-to-end encryption is when only the receiver and sender can decrypt the content. No one else may have access to the content in plain text at any time – regardless of whether it is a chat app or cloud storage.

It is important that the encryption used in a company is easy to use and does not affect the regular workflow too much. Only then, employees are willing to use encryption and keep data secure.

There are additional safety measures companies should also pay attention to: Choose a secure password with a random combination of numbers, letters, and symbols. Besides, secure the authentication of users with a second factor. Using a second factor, such as a security key or an authenticator app, ensures that only the authorized person decrypts the data.

End-to-End Encryption as a Service

So, does this mean that every company should have an encryption expert?

Fortunately, there is enterprise-ready software that is specialized in making encryption as easy as possible. With such a solution, every company can realize secure and easy collaboration — with internal but also external business contacts. Furthermore, they can restrict access rights so that only those employees get access to files and folders who are supposed to.

If businesses are looking for a suitable encryption solution, there are a few things they should pay attention to. Here are a few examples:

Encryption: Are publicly available and well-tested encryption methods (e.g., AES, RSA) used?
Key Management: Are you the only one who can decrypt files? Can you access company files in case of an emergency, even if the password is lost?
Flexibility: Does the encryption solution work for different storage locations like cloud storage, USB storage devices, hard drives, or file servers?
Usability: Is it an intuitive, simple application?
Additional security features: Are there further security features like Two-factor Authentication?

Once a company has chosen a suitable encryption solution and successfully implemented it in the daily handling of sensitive data, their data protection officer will certainly be able to sleep better once again.

Thanks to encryption software, companies can realize privacy regulation-compliant security.