Your Guide to Using Data Encryption In Business
The UK has become a hunting ground for cyber attackers and hackers. Encrypting data is the only way to prevent these malicious individuals from gaining access to the organization’s most important information.
Learn how to encrypt your data
1. Encrypting files and folders
Windows devices come in-built with a full-service encryption feature called BitLocker, which uses the AES encryption algorithm in cipher block chaining with a 128 to a 256-bit key. It can be activated by logging into the Control Panel – System and Security – BitLocker Drive Encryption.
- iOS devices:
Apple has an in-built locker/storage called Sandbox, which is completely isolated from other areas of the device. However, Sandbox doesn’t prevent applications from accessing data when permissions have already been granted. If you want your files to be completely encrypted, use the Secure FileBox application to encrypt all files on your Apple devices.
You can also use FileVault. Go into Apple menu – System Preferences – Security & Privacy – FileVault – Lock button (enter your administration username and password) – Switch On FileVault.
- Android devices:
Android operates on an open network, and this makes Android devices vulnerable to attack. The Encrypted Data Store (EDS) creates an empty file which is absolutely unreadable by anyone who doesn’t have the password/key to access it. This file can be used to store other files, all of which get encrypted as soon as they are transferred inside it. The EDS uses various algorithms to encrypt the data, making it extremely challenging for hackers to access data.
2. Encrypting your emails
Encrypting Outlook emails is very easy. All you would need to do is go into Outlook – Tools menu – Trust Centre – E-mail Security – Encrypted e-mail – Encrypt (click okay).
Mac OS X has an inbuilt S/MIME email encryption feature, which can be activated in the Mail App. You will need to click on the “Account” option in the “From” field of the new message and tick the “Signed icon.” Once you do this, an “Encrypt” button (closed lock symbol) will appear, which indicates that the mail is now encrypted. Recipients will need to use their key to access the email.
If you’re using Microsoft 365, consider enabling the Azure Rights Management service. It gives you complete end-to-end email encryption facility and allows you to set customizable permissions for data access. If you’re using Gmail, then you’ll be happy to know that all Gmail emails are encrypted by default. For more encryption options, you can use the Secure Gmail extension.
3. Encrypting data on the cloud
By default, all cloud service providers encrypt the data on their platforms. This makes sense since cloud is basically a common pool of data resources. But, if you wish to add an additional layer of encryption to your data on the cloud, you can activate the Zero-knowledge encryption feature if it’s available in your cloud. This feature will automatically encrypt data before it uploads into the cloud from your machine and will keep it encrypted until the data is downloaded offline and opened using a private key. Sync.com, pCloud and SpiderOak are some of the alternatives to Dropbox for this feature.
If you don’t want to do this, you can choose to encrypt files yourself before you upload them to the cloud – the TrueCrypt platform is great to encrypt data on-the-go. You can also set up a VPN, which uses many security protocols like IPsec, OpenVPN, L2TP, PPTP, TLS, and SSH.
Best data encryption practices for 2019
- Decentralize your data encryption and decryption process
This will avoid your keys from remaining at one single source (which can be easily hacked and accessed) and will ensure your data is protected. Your IT support in London can help you here by offering a separate encryption server at the location of your choice.
- Put in place support for multiple encryptions and decryption technologies
This allows you to be flexible and quick when there is an overhaul of your organization’s technologies and data, especially during takeovers and M&As and you need to use new encryption technology. Ideally, all of your encryption mechanisms should be third-party-friendly.
- Create key profiles to smoothen the process of key rotation/expiration
Always create key profiles, which are associated with specific fields of data. Use these profiles to create new keys during key rotation/expiration. This will help you manage your encrypted data better, by not creating a need for constant decryption and re-encryption.
- Always maintain an account of activity
The best way to monitor the safety of your encrypted data and to enforce user responsibility, is to log-in details of all the times the data was encrypted and decrypted, the type of key used, the changes made to the data and basically, anything that happens to/with the data. You will also be complying with your GDPR requirements when you maintain an auditable trail. For more information call our team of highly skilled IT Support in London.