ESET Online Help


Encryption

Encryption is scrambling information (converting plain text to cipher text) so unauthorized persons cannot access it. If data in encrypted form is lost or stolen, there is minimal risk of disclosure because the attacker will not have the decryption key.

Data encryption as part of online security

Why use encryption?

Selected data encryption methods

Why encrypt corporate data?

Encryption and regulations

How to secure data encryption?

In a company, encryption protects the company's intellectual property and know-how, as well as the personal data of customers, employees and business partners.

All of this can be monetized or misused by an attacker or thief.

Data encryption as part of online security

When data is transferred over the internet, for example when accessing websites, communication can take place over the HTTPS protocol. HTTPS uses the TLS/SSL protocol to encrypt the communication, which ensures that sensitive information, such as login or payment details, is encrypted and protected during transmission.

Some email services also support data transmission encryption (for example, using TLS/SSL) or end-to-end encryption, which is useful if you send sensitive information.

Full disk encryption is used to protect data stored on devices. This measure helps to protect the contents of the data on the disk if the device is lost or stolen.

Encryption is also used when backing up data. If someone gains access to a backup, they can read it only with the correct key.

Sensitive data can be stored on encrypted storage, such as an external encrypted drive or cloud storage with advanced encryption mechanisms.

Why use encryption?

For the average user, encryption can provide several benefits, especially regarding security and protecting sensitive information. Here are some of the main benefits of encryption for the average user:

Encryption protects personal information, such as passwords, bank details and other sensitive information, from unauthorized access, helping to protect the user's privacy.

Encryption reduces the risk of data theft when conducting online transactions such as purchases, payments or banking.

Using encrypted email communication protects the content of emails from unauthorized persons.

When a user connects to a public Wi-Fi network, encryption prevents attackers from monitoring and intercepting the data being transmitted, strengthening the connection's security.

Disk encryption on devices such as computers and mobile phones protects data even if the device is lost or stolen.

When using cloud storage, encryption protects uploaded data from unauthorized access by service providers or third parties.

Encryption can serve as an effective defense against ransomware. Encrypted communication tools (such as encrypted chats) reduce the risk of misuse of the communication content.

Selected data encryption methods

Data encryption at rest

Full disk encryption—the entire disk is encrypted automatically, so the user has no control over whether or not a given file is stored encrypted. However, the higher hardware and time requirements of encrypting everything must be considered.

File or folder level encryption—the user selects and encrypts only the data they want to protect. Individual folders or files are always encrypted with a single key that can be used to decrypt them again. Encryption is faster than full disk encryption, and the hardware requirements are lower.

Encryption of data in transit

End-to-End Encryption (E2E)—This is a method where information is encrypted and decrypted only at the end devices. This guarantees the confidentiality of the data being transmitted and eliminates the risk of interception or processing on the server that mediates the communication. It often combines symmetric and asymmetric encryption or uses Diffie-Hellman key exchange.

Client-to-Server Encryption (C2S)—A method where the message is encrypted only for the server through which the communication passes, so the data is available unencrypted on that server between the client and the recipient. This form of communication encryption is not the most secure because it can be eavesdropped on by an attacker.

Why encrypt corporate data?

Encryption provides a layer of protection for employees' personal information, financial data, trade secrets, and strategic plans. This helps prevent unauthorized access and misuse of this data.

Many industries have prescribed legal standards and regulations requiring sensitive information protection. Encryption can help a business comply with these standards and minimize the risk of fines or legal issues.

Encryption helps protect data from illegitimate access or leakage if there is a device loss or security breach from inside or outside the company. Therefore, encryption also protects against internal threats, such as employees with unauthorized access.

Leakage of sensitive information can seriously damage a company's reputation. Data encryption contributes to building a trustworthy corporate image and signals that the company is actively concerned about the security of its data and clients.

Encryption and regulations

Encryption is also required or recommended by many regulations and laws today, including GDPR, NIS2, PCI-DSS, HIPAA, SOX, and GLBA. Data breaches are much less likely to be considered a compliance failure when personal data is properly encrypted.


How to secure data encryption?

Securing data encryption requires a combination of technical measures, policy administration and employee training. Below are steps you can take to secure data encryption in your business:

Create a clear and comprehensive security policy that includes data encryption. Define which data will be encrypted, by what methods, and who will access the decrypted data.

Use a VPN (Virtual Private Network) to connect remotely to the network securely and encrypt emails when transmitting sensitive information.

Use disk encryption for devices such as computers, laptops and mobile phones. Disk encryption protects the data stored on the device and provides a layer of security, even if lost or stolen.

If you use cloud services, ensure the providers support data encryption at rest and in transit.

Encryption key management is an essential element of the encryption process. Ensure secure storage and management of encryption keys. Renew them regularly and monitor their use.

Implement multi-factor authentication (2FA) for access to sensitive systems and data. This provides an extra layer of protection even if the password has been compromised.

Regularly monitor encrypted data and conduct audits. Respond to unusual activity or incidents.

Ensure that employees are familiar with security procedures related to encryption. Training should include the importance of encryption and procedures for securely handling encrypted data.

Keep encryption software and systems up to date. Back up encrypted data regularly to minimize the risk of data loss if there are problems with keys or other incidents.

Types of encryption

Symmetric encryption uses a single key for encryption and decryption, which the communicating parties must know.

Asymmetric encryption uses a pair of keys: a public key (which may be shared openly, so the recipient of the message does not need to keep it secret) and a private key (which only its owner knows and the sender does not). Thus, asymmetric encryption allows for confidential communication, authentication, and sender identification. A digital certificate can verify the authenticity of the public key.

Recommended symmetric encryption algorithms

Advanced Encryption Standard (AES)—key length: 128, 192 and 256 bits

Twofish—key length: 128 to 256 bits

Camellia—key length: 128, 192 and 256 bits

Serpent—key length: 128, 192 and 256 bits

SNOW 2.0, SNOW 3G—key length: 128, 256 bits

(Source: NUCIB, 2022)

Diffie-Hellman key exchange (D-H)

A method of securely agreeing on encryption keys over a public channel. It was one of the first protocols, and one of the first practical examples, of public key exchange implemented in cryptography.

RSA (Rivest-Shamir-Adleman)

One of the first public key algorithms, RSA is suitable for both encryption and electronic signing (attaching a verifiable digital signature to a data message).