Encryption may now be part of our daily digital life, but not that long ago is was a topic largely reserved for tech enthusiasts and conspiracy theorists. Which is why we are devoting this post to a review of what it is, what it’s used for and some common sense encryption solutions that can work for you and your business.
What is Encryption?
Let’s start with the basics, and talk about what encryption is.
Encryption is the process of encoding a message or data in such a way that only authorized parties can access it. It doesn’t mean it can’t be intercepted; however, if that happens, an unauthorized person would not be able to decipher it.
Encryption is based on the science of cryptography, which has long been the method used to store and transmit data in such a way that only the intended recipient can decipher it. (Cryptography dates back to the ancient Greeks and Romans, who would send secret message using a code that substituted letters. In order to decipher the message, you had to have the key or code).
In the digital age though, this discipline is most often associated with scrambling plaintext or clear text -- known as encryption – and then using a key to revert it back again from cyphertext to plaintext – a process called decryption – so that it can be understood.
Encryption can be looked at as the digital version of putting something in a locked safe. Only someone with the right key can get to it.
Given the amount of personal and sensitive information that is traveling around cyber-space, encryption is necessary to protect it. Because there’s a whole lot of information getting sent over the Internet that we don’t want other people to see, such as:
- Credit Card Numbers
- Social Security Numbers
- Sensitive Corporate Data
- Bank Account Information
- Medical or Health-Related Information
- Other private correspondence or personal data
- Voice Data Transmitted via VoIP Services
There are clear cases where encryption is necessary, including everything from personal financial transactions to the sending of classified documents by the government.
But you may also be asking yourself if it’s really necessary to encrypt every email, every text, and every single message you send?
The best answer is that in light of the amount of information we are putting online and the very real cyber threats that abound, it doesn’t hurt to use encryption as a common sense measure to protect that data from hackers, advertisers, business competitors or others.
However, it's not an "all or nothing" proposition either. You can certainly choose to use encryption for some forms of communication, but not for all.
If you think of it like how you use the mail (or used to use the mail!), then consider that there are situations where it’s just fine to send a postcard (even knowing that anyone can see your message). But other times – where you’re sending a personal letter, for example – you might want to put it in a sealed envelope. There are also occasions where you need to step it up even further and send something in a security envelope, such as when you’re mailing a payment. Or you might decide to use a delivery method that provides tracking, so that you can also confirm the delivery.
Deciding what requires encryption follows that same logic.
How Encryption Works
Encryption is the conversion of data into a form (known as a cipher) that cannot be understood. Decryption is the process of converting that data back into its original form (using a key), so that it can be understood. The goal is to prevent unauthorized recipients from intercepting the data.
There are 2 basic types of encryption – symmetric and asymmetric.
While this is certainly an over-simplification, the general overview is that, symmetric encryption (known as Private Key) uses a related or identical key for both the encryption and the decryption of the message. In contrast, asymmetric encryption uses a different key for encryption and decryption, and is often referred to as Public-Key Cryptography.
The benefit to using asymmetric encryption is that it eliminates the need to send out anything secret – the decryption key – over an insecure channel. With asymmetric encryption, the recipient uses their own private key for the decryption process.
End-to-end encryption – which has become the standard for messaging apps today – is an implementation of asymmetric encryption.
While there is certainly a lot more complexity to the explanation of the scrambling process that occurs, for the end-user it’s most critical to understand if the communications channel you’re using is encrypted or not.
There are no manual steps required in order to implement encryption – all of the work is done behind-the-scenes by the service or the software. So it's a matter of choosing the services and options that will properly encrypt those communications or data that you feel warrant a higher level of protection.
Common Sense Encryption Solutions
Encryption is now widely available for both business and personal use.
Businesses can encrypt the data “at rest” that is stored on desktop computers, laptops and USB Drives as a means to protect sensitive data should those devices are lost or stolen. (Note to Corsica customers...if you're interested in learning more about our Managed Encryption Services, contact your Account Manager for details.)
Websites are increasingly installing SSL Certificates to ensure that the data being transmitted between your browser and the websites you visit is encrypted. (You can learn more about the movement towards “HTTPS” sites in this recent blog post.)
There are also now secure options for both messaging apps and email, which are relevant for business and personal use alike.
In fact, because of this sensitivity around protecting messages, the gold standard for messaging apps is end-to-end encryption.
WhatsApp made the news in a big way in 2016 when it enabled end-to-end encryption for all of its users.
As noted above, with end-to-end encryption (asymmetric encryption), the message is encoded in such a way that only the sender and receiver can see it. This differs from encryption because with encryption only (not end-to-end) a message can still be deciphered by a third party, if they have a way to unlock it.
Practically speaking that means that the messaging service itself, governments and law enforcement officials can intercept the data and decrypt it. In the age of extreme privacy concerns, this is an important consideration for many.
Encrypted Messaging Apps
TechRadar rated the top 10 best secure messaging apps of 2017, and you can see their list here. WhatsApp is on the list, along with Signal, FrozenChat, Wickr Me, and Gliph. All of these boast end-to-end encryption, and most have additional features that allow for a message to self-destruct or expire after a certain time.
Popular messaging service Messenger has optional end-to-end encryption, but it's important to note that it's not on by default. You have to tap the "Secret" Button in the top right in order to have an encrypted conversation.
Skype just recently did roll out end-to-end encryption for audio calls, text, and multi-media messages using a feature called Private Conversations.
Twitter, Snapchat, and even Google Hangout Chats do not have end-to-end encryption. (Source: Recode)
One common warning for iMessage is that while messages between iPhones/iPads are encrypted (those are the texts that appear in the blue bubble), the iCloud backup of the message is NOT.
So if you want to keep iMessages private, you need to turn off the automatic iCloud backup (it's the default setting). Additionally, messages from an iPhone to another device such as an Android, for example, are not encrypted.
For the most up-to-date information on any messaging system, you may want to visit their website or Help Center directly. As we said, end-to-end encryption is the gold standard so just like Skype, these other services may have this feature in the works for their users.
And generally speaking, if you're interested in encrypting your communications, your best bet is to use one of these secure messaging apps versus SMS.
Email messages can also be encrypted.
A business-grade email solution such as Office 365 offers email encryption options as part of the service, as does G Suite by Google Cloud. One word of caution though...you’ll want to consult with your IT manager or partner about enabling the specific encryption controls that are best suited to your business - don't simply assume that the features are in use just because you have that product.
There are also other email services – both free or paid – that offer end-to-end encryption. Lifewire did a review of the top 5, which you can check out here.
The big takeaway here is to think carefully about what information you're putting out there, and what level of security it requires. There are plenty of user-friendly and budget-conscious options out there these days to help protect our communications, so it's really just a matter of finding the services that best suit your needs professionally and personally.
In the question of "to encrypt or not to encrypt" it really makes more sense to ask..."why not?"