Why encryption is in your interest
Just imagine that you are asked to transport a number of packages to the other side of town in a luxury convertible. You drive through the city center and at every set of traffic lights people come over and stare at and into your car. You feel vulnerable with the roof down because the packages are there for the taking. This same undesirable situation occurs on the Internet where malicious actors try to steal data in order to sell it. Luckily, there is a solution in the form of encryption. But what is encryption? And how do you use it?
What is encryption?
Data leaks are in the news more and more often these days. A data leak means the destruction, loss, alteration or sharing of personal or company data by malicious parties. In other words, it is a data security violation. Data leaks can be prevented by using encryption. But what is encryption? Encryption is when online (sensitive) data, such as personal or company data, is converted into a code in order to protect it. The Internet consists of million of IP addresses which can be identified by, for example, hackers. If you do not protect the content of your data, hackers and malicious actors will be able to gain access to it. Encrypting your data gives you better protection against hackers and other criminals.
Encryption involves two parties agreeing to encrypt any data they exchange. This may, for example, be a simple email, but also sensitive company information.
Encryption always involves three things:
- Integrity: Is the data that arrives with the recipient the same as the data transmitted by the sender?
- Authenticity: Has the data actually come from the sender?
- Exclusivity: Are you sure that no one else has been able to view the data?
A good example of detecting, reading and blocking data is The Great Firewall used by China. It was introduced by the Chinese government to block access to selected foreign websites and to check, delay or exclude cross-border Internet traffic. As a result, the Chinese population are, for example, unable to use Twitter or Facebook. In short, the Chinese authorities decide what sort of data enters and leaves the country.
Symmetric and asymmetric encryption
There are two types of encryption, namely symmetric and asymmetric encryption. Asymmetric encryption is used most and is based on a complex arithmetic formula. It involves the use of a public and a private key. Party A can encrypt the information using a private key and party B can access this information using the public key. The emergence of quantum technology means that this complex arithmetic formula can be deciphered in a couple of seconds. Consequently, the use of asymmetric encryption is not quantum proof.
Symmetric encryption involves keys being exchanged in advance and that requires party A and party B to know each other beforehand and for it to be possible to exchange the keys in advance. Because this is difficult to do in practice, symmetric encryption is used less frequently. The main advantage of symmetric encryption is that quantum technology only has a limited effect on this method. If symmetric encryption is applied with the AES 256 protocol, it is regarded as being quantum proof, and this has also been endorsed by the NCSC.
The importance of proper encryption
Although the Great Firewall of China and symmetric and asymmetric encryption all sound very alien, the opposite is, of course, the case because it is also in your interest to use encryption, for instance when sharing and storing company data on your computer systems. When, for example, you conclude an agreement with another company, that agreement will contain company-sensitive information. The details of the contract are not supposed to be accessible to the general public. That is why you should always ask yourself how important your data is, whether to you personally or otherwise. The last thing you need is for sensitive data to end up in the wrong hands.
The consequences of not using encryption can, in some cases, be huge and unlike in the case of, for example, ransomware, the perpetrator will not tell you that he has accessed your messages. Another example would be a fictitious trade treaty or agreement between two countries or companies. Both parties want to conclude an agreement which will give them a massive competitive advantage. There is only one problem and that is they fail to use encryption and other countries in the world, or competitors, find out. The fact that the plans for the treaty or agreement in question have been intercepted means that the whole thing cannot go ahead. They lose their intended competitive advantage and the economic consequences are huge. All of this could have been avoided if they had used encryption because then the data relating to the treaty or agreement would have stayed secret.
Something else you need to ask yourself is whether asymmetric encryption is still safe enough. Security services warned several years ago that both countries and criminals are storing encrypted data on a large scale, with the possible aim being to decrypt it at a later stage using quantum technology. You should therefore always ask yourself what the risk to you would be if your data ended up in the hands of malicious actors.