Cryptography

Cryptography is the use of mathematical techniques to provide security services such as confidentiality, data integrity, entity authentication, and data origin authentication. It is the science of converting plaintext into a form (ciphertext) that is unreadable by anyone without the decryption key, which restores the ciphertext to plaintext. This goes hand in hand with the cryptographic algorithm and encryption. Cryptography encompasses the mathematical principles and techniques behind encryption, enabling sensitive or critical data to be kept private or limited to certain individuals.

What Does This Mean For My SMB?

Encryption and cryptography are important to an SMB because they protect the confidentiality and integrity of critical and sensitive information. SMBs may fall under legislative controls such as HIPAA or PCI, which require specific forms of data (health records, credit card PAN information) to be protected from disclosure (confidentiality) or manipulation (integrity).

One strategy for SMBs to deal with industry compliance requirements is NOT to have such data in their possession to begin with. For example, PCI compliance obligations can often be avoided by partnering with online web services that perform the credit authorization outside of your website or store and simply return an authorization code to the SMB. However, where an SMB must collect and store such critical and sensitive data, AES encryption is a powerful protection tool and should be used. Just make sure to protect the decryption keys.

Additionally, encrypting laptops with Microsoft’s BitLocker or Apple’s FileVault can turn a lost-device event into a financial loss rather than a cybersecurity breach. Since key management can be an issue, be certain you have a program in place to store the decryption keys in a secure place, not on the encrypted devices themselves.

SMB Protections Beyond Cryptography

CyberHoot recommends the following best practices to protect individuals and businesses against, and limit damages from, online cyber attacks:

Source: NIST SP 800-130, CNSSI 4009

Related Terms: Encryption, Plaintext, Ciphertext
