Encryption

22nd December 2019 | Cybrary Encryption
Encryption Explained
Encryption is the process of transforming plaintext into ciphertext. This is done by converting data into an unreadable form using an encryption cipher with variable key lengths. Assuming one is using an industry-standard encryption cipher such as the Advanced Encryption Standard (AES), the longer the key used, the more secure the encryption is and the more difficult it is to breach using brute-force methods.
In recent years, the US government (politicians and 3-letter agencies) has been lobbying for a back door into encryption standards like AES because encryption is “hampering their investigations and emboldening criminals”.
Related Encryption Terms: Encode, Encrypt, Encipher, Cryptography, Plaintext, Public Key Cryptography, Symmetric Key, Public Key Infrastructure, Private Key, Secret Key, Public Key
Source: CNSSI 4009, ICAM SAML 2.0 WB SSO Profile 1.0.2
Additional Reading:
What is Encryption?

What does this mean for an SMB?

Encryption is important to an SMB in order to protect the confidentiality of critical and sensitive information. SMBs may fall under legislative controls such as HIPAA or PCI, which require specific forms of data (health records, credit card PAN information) to be protected from disclosure (protect confidentiality). The best strategy for SMBs to deal with such requirements is NOT to have such data in their possession. For example, PCI compliance obligations can often be avoided by partnering with online web services that perform the credit authorization outside of your website or store and simply provide the SMB an authorization code back. However, in cases where an SMB must collect and store such critical and sensitive data, AES encryption is your friend and should be used. Just be sure to protect the decryption keys. Additionally, encrypting laptops with Microsoft BitLocker or Apple FileVault can turn a lost-device event into a financial loss rather than a cybersecurity breach. Since key management can be an issue, be certain you have a program in place to store the decryption keys in a secure place and not on the encrypted devices themselves. Additionally, CyberHoot recommends:
  1. Setting encryption passwords on important documents being sent in email (Microsoft Office now has built-in AES encryption that is very good and can be trusted, unlike in the early years, 2000 to 2010, when it was easily cracked).
  2. Educating employees on what data needs to be encrypted, how to encrypt it, and how to keep themselves and the company secure.
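
The laptop encryption and key storage advice above can be checked on a Windows device with a short audit. This is an added example, not CyberHoot's own code; it uses the built-in BitLocker cmdlets, and flagging 128-bit AES and using Active Directory as the escrow location are assumptions about local policy.

```powershell
#Requires -RunAsAdministrator
# Added example: audit BitLocker on this machine. Reports, per volume, whether
# it is encrypted, whether protection is on, the cipher in use, and whether a
# recovery password protector exists that can be escrowed off the device.
# Only protector IDs are shown; the recovery password itself is never printed.

$report = foreach ($vol in Get-BitLockerVolume) {
    $protectors = @($vol.KeyProtector)
    $recovery   = @($protectors | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    $findings = @()
    if ($vol.VolumeStatus -ne 'FullyEncrypted') {
        $findings += "volume status is $($vol.VolumeStatus)"
    }
    if ($vol.ProtectionStatus -ne 'On') {
        $findings += 'protection is off or suspended'
    }
    if ($recovery.Count -eq 0) {
        $findings += 'no recovery password protector to escrow'
    }
    # Assumption: local policy prefers 256-bit keys; 128-bit is noted, not failed.
    if ("$($vol.EncryptionMethod)" -match '128') {
        $findings += 'note: 128-bit AES key in use'
    }

    [pscustomobject]@{
        MountPoint  = $vol.MountPoint
        Method      = $vol.EncryptionMethod
        Protectors  = ($protectors.KeyProtectorType -join ', ')
        RecoveryIds = ($recovery.KeyProtectorId -join ', ')
        Findings    = if ($findings) { $findings -join '; ' } else { 'OK' }
    }
}

$report | Format-List

# To store a recovery password away from the laptop on a domain-joined machine
# (assumption: Active Directory is the escrow location), run per protector ID:
#   Backup-BitLockerKeyProtector -MountPoint 'C:' -KeyProtectorId '<RecoveryId>'

# Non-zero exit lets a management tool flag the device for follow-up.
if ($report | Where-Object { $_.Findings -notmatch '^(OK|note:[^;]*)$' }) { exit 1 }
```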
