As you might imagine, the data recovery team here at Dave’s Computers spend a lot of time recommending and implementing encryption to our customers. Not long ago it was only enterprise and small business clients wanting to encrypt their data. Now everyone seems to want to know about it. That’s exactly what today’s post is all about.
Data encryption protects data at rest. That is the data on your hard drive or memory stick. Encryption is a very effective measure against data loss and one of the most common tasks my data recovery team undertake on an almost daily basis. As the tools are relatively cheap, the process is quite straightforward and the protection it offers significant, there is every reason to encrypt your data.
What is data encryption?
Data encryption refers to the scrambling of data using a mathematical formula made up of prime numbers. When data is saved to an encrypted hard drive, the encryption software uses a formatted encryption key to scramble the data. When using the data on your computer, the software automatically decrypts it so you can use it. Without that decryption key it would be almost impossible to see what that data means.
If your computer gets hacked, you leave it on the subway or something else, your data is safe. You will undoubtedly be annoyed that you lost the device but at least your personal or company information will be safe!
Most encryption uses ‘public key encryption’ or ‘asymmetric encryption’, invented in 1973 by the British GCHQ, their version of the NSA. It uses a private and a public key to encrypt data. The private key is kept on your computer, the public key can be shared so others can safely encrypt data. This enables you to securely share sensitive information without fearing it will get into the wrong hands.
If you share the decryption key, how is it safe?
If you share a decryption key in public, how does it keep your data safe? This is a question we see and hear a lot and is a very valid point.
Public key encryption works like this. It is split into two, a private key and a public key. A public key can only encrypt data. It cannot decrypt it. For decryption, you need a private key matched to the public key. So anyone with a public key can encrypt a message and send it to someone. Only that someone, presumably the right person, who has the private key can decrypt it.
So even though the public key is out there, it offers absolutely no access to unencrypted data. Public keys are verified by organizations called certificate authorities who verify a public key is real for an extra level of protection.
How does data encryption work in real life?
For most of us, Windows BitLocker or Apple FileVault will be our default choice as they are available within the operating system. Third party software solutions are also available that you install and set up onto your device. Once installed, the software will select a random prime number decryption key and encrypt all data on the selected hard drive using that key.
While the data remains on your computer, the software will automatically decrypt it when you open a file or folder. You will not even know it most of the time. The only sign will be a slight delay in the displaying of that file due to the decryption process.
If you want to send encrypted files, you will need a public key given to you by the person you are sending those files to. If you have a business, keys will often be provided by your organization. Otherwise, your encryption software can generate a key.
In terms of preventing data loss, encryption works in tandem with your other protections to keep data safe. Encryption will not keep your data safe from attack but it renders it inaccessible should an attack be successful. So if your firewall and barrier protections fail, your data will remain confidential.
How safe is data encryption?
Most modern encryption applications use 128-bit of 256-bit encryption. This gives literally billions of billions of potential combinations. 256-bit equates to 2256 which is a lot. A supercomputer can attempt 250 keys per second and a billion supercomputers could check 275 per year. To reach 2256, it would take more time than has existed so far to crack using brute force.
The usual tools to crack encryption is brute force. This is where a hacker uses a special program to try every possibility in turn to try to find the correct key. Considering the math above, brute force alone could not hope to find the key but doesn’t stop them trying. This means encrypted data is as safe as it can be. The sheer computational power needed to brute force decrypt it makes it all but impossible right now.
Brute force is not the only attack possible but it is the most common. Others include the side-channel attack which are launched at the cipher itself instead of the key and would only work if the cipher itself was flawed. Another attack is cryptanalysis, which also goes after the cipher. As long as you use a good quality encryption solution, these two attacks should not work.
Should I use data encryption?
In a word, yes. Dave’s Computers wholeheartedly recommends everyone uses encryption as standard whether in business or at home. Data is currency and with more viruses, malware and Trojans than ever before, it has never been more important to protect your data.
Whether it is your personal information or company secrets, data is valuable. That means it is worth something to someone. Therefore, it is worth stealing. When anything is of value, there will be someone willing to try and take it from you.
Considering encryption software is included in higher levels of Windows 10 and in macOS, there really is no excuse. Both operating systems contain wizards that walk you through the process and will keep your data safe from that moment on. Third-party encryption software is also reasonably priced and very secure.
If you have any issues with encrypting your data or would like expert help setting up security on your network, contact Dave’s Computers in Hillsborough. We will be happy to help!