Encryption

Encryption is the process of transforming plaintext into ciphertext, an unreadable form of the data, using an encryption cipher and a key. Ciphers support different key lengths. Assuming an industry-standard cipher such as the Advanced Encryption Standard (AES) is used, the longer the key, the more secure the encryption and the harder it is to breach using brute-force methods.

In recent years, the US government (politicians and 3-letter agencies) has been lobbying for a back door into encryption standards like AES because encryption is “hampering their investigations and emboldening criminals”.

Synonyms: Encode, Encrypt, Encipher, Cryptography, Plaintext, Public Key Cryptography, Symmetric Key, Public Key Infrastructure, Private Key, Secret Key, Public Key

Source: CNSSI 4009, ICAM SAML 2.0 WB SSO Profile 1.0.2

 

Additional Reading:

What is Encryption?

What does this mean for an SMB?

Encryption is important to an SMB because it protects the confidentiality of critical and sensitive information. SMBs may fall under legislative controls such as HIPAA or PCI, which require specific forms of data (health records, credit card PAN information) to be protected from disclosure.

The best strategy for SMBs to deal with such requirements is NOT to have such data in their possession. For example, PCI compliance obligations can often be avoided by partnering with online web services that perform the credit authorization outside of your website or store and simply return an authorization code to the SMB. However, where an SMB must collect and store such critical and sensitive data, AES encryption is your friend and should be used. Just be sure to protect the decryption keys.

Additionally, encrypting laptops with Microsoft BitLocker or Apple FileVault can turn a lost-device event into a financial loss rather than a cybersecurity breach.

Since key management can be an issue, be certain you have a program in place to store the decryption keys in a secure place, and not on the encrypted devices themselves.
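One way to check both points on a Windows laptop, as an added example that is not CyberHoot's own code: it uses the built-in `Get-BitLockerVolume` cmdlet, and the function name `Get-BitLockerAudit` and the finding texts are illustrative.

```powershell
#Requires -RunAsAdministrator
# Added example: report BitLocker state and key protectors for every volume.
# Run from an elevated PowerShell session on a Windows edition with BitLocker.

function Get-BitLockerAudit {
    foreach ($vol in Get-BitLockerVolume) {
        # Protector types present on the volume, e.g. Tpm, RecoveryPassword.
        $protectorTypes = @($vol.KeyProtector |
            ForEach-Object { $_.KeyProtectorType.ToString() })
        $findings = @()

        if ($vol.VolumeStatus -ne 'FullyEncrypted') {
            $findings += "Not fully encrypted ($($vol.VolumeStatus), $($vol.EncryptionPercentage)%)"
        }
        if ($vol.ProtectionStatus -ne 'On') {
            # Encrypted data is only protected while protection is switched on.
            $findings += 'Protection is off or suspended'
        }
        if ($protectorTypes -notcontains 'RecoveryPassword') {
            # Without a recovery password there is nothing to store off-device.
            $findings += 'No recovery password protector to escrow'
        }
        if ("$($vol.EncryptionMethod)" -match '128') {
            # Informational: compare against your own key-length policy.
            $findings += '128-bit AES method in use'
        }

        [pscustomobject]@{
            MountPoint = $vol.MountPoint
            Method     = $vol.EncryptionMethod
            Protectors = $protectorTypes -join ', '
            Findings   = if ($findings) { $findings -join '; ' } else { 'OK' }
        }
    }
}

Get-BitLockerAudit | Format-Table -AutoSize -Wrap
```

The script only shows that a recovery password exists on the device. Whether a copy is held in a secure place away from the laptop has to be confirmed wherever your organization stores those keys.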

Additionally, CyberHoot recommends:

  1. Set encryption passwords on important documents being sent in email (Microsoft Office now has AES encryption built in that is very good and can be trusted, as opposed to the early years, 2000 to 2010, when it was easily cracked).
  2. Educate employees on what data needs to be encrypted, how to encrypt it, and how to keep themselves and the company secure.

For more information on Encryption (specifically Asymmetric Encryption), watch the short video below:
