Encryption: The Good, The Bad, and The Ugly

Encryption is one form of security that many businesses don’t use enough. It’s a way to make plain text messages or documents unreadable by anyone that doesn’t have the proper decryption key.

Data encryption is a recommended form of IT security to protect all types of information including:

  • Data located on a laptop hard drive
  • Email messages
  • Files saved in cloud storage
  • Credit card numbers transmitted during an online transaction
  • Data being sent to and from an IoT device

Information in any form, whether that’s "at rest" when stored in a cloud service or "in transit" between devices, can be encrypted to help prevent it being intercepted by a hacker and compromised. The high cost of having data compromised is leading more companies to look at encryption. For example, there has been a 21% increase in the use of encryption within public cloud services over the past four years. However, 52% of companies still don’t have a consistent encryption strategy (or any at all) to protect their data. Let’s take a look at encryption basics first, then we’ll go through "The Good," "The Bad," and "The Ugly" of encryption.

How Does Encryption Work?

What encryption does is apply an algorithm through an encryption key to scramble data and make it undecipherable. The data can’t be made readable again without the key designed to decrypt the data and restore it to its original state. Encrypting emails and cloud storage files can keep them safe in the event that a hacker is able to obtain that data, because the hacker won’t be able to read it. Encrypting laptops is also a popular method of data security used by many firms in Rhode Island and around the country as a protection in case the laptop is lost or stolen. You’ll often hear "end-to-end" encryption mentioned. It’s one of the following three standard terms used for encryption:

  • End-to-End Encryption: This describes encryption that keeps messages locked and only readable by the sender and receiver when in transit. So, the ISP being used doesn’t have access to the decryption key.
  • Symmetric Encryption: This type of encryption uses one key. The same key used to encrypt the data is also used to return it back to its readable state.
  • Asymmetric Encryption: This type of encryption uses two different keys. One is called a private key and the other is a public key. When one key encrypts the data, the other key is needed to decrypt it.

Encryption: What’s Good, Bad, and Really Bad

Just like most other things in the technology realm, encryption can have some really great advantages, but also some drawbacks.

The Good

Without encryption we couldn’t securely buy anything online. Your credit card details would just be there for any hacker to grab. Encryption helps ensure document security for companies and gives them more control over data privacy compliance and how protected their data is from breaches. For example, using a business VPN for your remote worker security, encrypts the data being transmitted through their internet connection and can help ensure that a hacker isn’t able to tap into their router and spy on all that sensitive data traffic. Basically, encryption is very good for your data security.

The Bad

Not all encryption methods are easy to use. They can cause a dip in productivity if users are having to email passwords or decryption keys around. And if a person loses a USB-based decryption key for a laptop hard drive, it can mean major headaches trying to make the device readable again. When encryption methods aren’t fluid or simple, users can stop using encryption on files or email messages altogether, leaving you with a security risk that you may not even be aware of.

The Ugly

In their efforts to combat cybercrime and access data and devices that may be needed for a criminal investigation, law enforcement agencies in the U.S. and other countries, are seeking a way to have a back door to all encryption algorithms that IT companies (like Apple, Microsoft, etc.) are using. In fact, this is already passed into law in Australia. In 2018, the country passed legislation that allows police to force companies to create the capability for law enforcement to access encrypted messages without a user’s knowledge. This could set a dangerous precedent, because once that back door exists, it’s only a matter of time before it falls into the wrong hands. This could lead to hackers selling those back door "keys" on the Dark Web and rendering encryption much less helpful in the future.

Get Help with Encryption & Data Security from Onsite Techs of Rhode Island

Does your business have an encryption policy for your most sensitive data? We can help you put a comprehensive data security policy in place that keeps your information protected. Contact us today to set up a security consultation at 401-415-6290 or reach out online.