What is Encryption and how does it work?
Encryption is the process of encoding information to prevent anyone other than its intended recipient from reading it. Data encryption uses an algorithm (known as a cipher) to convert information into ciphertext, which looks like random characters or symbols. The ciphertext is unreadable to anyone who does not have access to the special encryption key used to decrypt the information (we described this in more detail in the first of an earlier two-part blog post about data encryption).
A single, intercepted email can provide a password, a confidential file or other private information to a hacker. But a hacker can also hijack your entire email account to read emails, send emails, gather confidential information and more. As reported in a recent PC World article, “If you leave the connection from your email provider to your computer or other device unencrypted while you check or send email messages, other users on your network can easily capture your email login credentials.” To keep your emails and email accounts safe, these three things should be encrypted:
• The connection from your email provider. Encrypting the connection prevents unauthorized users from intercepting and capturing login credentials, and any email messages travelling server-to-server.
• Your actual email message. Encrypting email messages means any emails intercepted will be unreadable.
• Your stored, cached or archived email messages. Encrypting your stored messages will prevent a hacker from reading the saved files on your hard drive or network.
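One way to check the first item for mail you have already received is to read the Received headers, where each server records the protocol it accepted the message with. The script below is an added example, not part of the original post; the sample message, hostnames and ids are constructed, and the keyword set follows the "with" protocol types registered by RFC 3848 and later RFCs.

```python
import re
from email import message_from_string

# "with" keywords meaning the hop ran over TLS (RFC 3848 and later
# registrations). SMTP, ESMTP, ESMTPA and LMTP hops were cleartext.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}
FROM_RE = re.compile(r"^from\s+(\S+)", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)", re.I)

# Constructed sample message; hostnames, addresses and ids are placeholders.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.10])
\tby store.recipient.example with LMTP id abc123;
\tMon, 01 Jan 2024 10:00:03 +0000
Received: from out.sender.example (out.sender.example [198.51.100.7])
\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
\tby mx.recipient.example (Postfix) with ESMTPS id def456
\tfor <bob@recipient.example>; Mon, 01 Jan 2024 10:00:02 +0000
Received: from laptop.sender.example (unknown [192.0.2.55])
\tby out.sender.example with ESMTP id ghi789;
\tMon, 01 Jan 2024 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: Q3 budget

See attached.
"""

def strip_comments(value):
    """Drop (possibly nested) parenthesised comments, e.g. 'with cipher ...'."""
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def audit_hops(raw_message):
    """Return hops oldest-first as (from_host, by_host, protocol, encrypted)."""
    hops = []
    received = message_from_string(raw_message).get_all("Received", [])
    for header in reversed(received):  # servers prepend, so reverse for time order
        text = strip_comments(" ".join(str(header).split())).strip()
        frm, by, via = (r.search(text) for r in (FROM_RE, BY_RE, WITH_RE))
        protocol = via.group(1).upper() if via else "UNKNOWN"
        hops.append((frm.group(1) if frm else "?", by.group(1) if by else "?",
                     protocol, protocol in TLS_PROTOCOLS))
    return hops
```

Received headers are written by each server in the path, so entries added outside your own infrastructure are claims rather than proof. They also describe only the connection, not whether the message body or the stored copy was encrypted.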
Instant Messaging Encryption
For many people on your team, the productivity advantages of Instant Messaging are enormous. The speed of delivery and response can far surpass other electronic communication options. But since standard SMS texting is unencrypted, conversations can be monitored by hackers or even law enforcement personnel.
Fortunately, many IM providers already implement a level of encryption. For example, the Messages app on an iPhone or macOS device incorporates end-to-end encryption. The WhatsApp messaging feature on many Android and Windows devices also uses end-to-end encryption.
Other providers may not be as secure. Recently, popular collaboration hub Slack received some unwanted attention for just this reason. Slack markets itself as a place “where you and your team can work together to get things done … From project kickoffs to budget discussions, and to everything in between.” Slack has more than 10 million users every day. But according to a report by CNBC, executives are concerned about the commonplace sharing of sensitive data on Slack. “I love my people, but they never shut up on Slack,” said the CEO of a security company. “It’s very good for productivity, but the problem is we’re working on security, so we have to be careful about what we say.” About a quarter of corporate breaches are related to insiders (per a report from Verizon), and they can easily use information gathered from collaboration tools like Slack and Dropbox.
Encryption Made Easy
Encryption applications for emails and SMS messaging are easy to find, but not all are equally effective or easy to use. In addition to security, a successful encryption program should be:
• Encryption should take as few steps as possible and be easily accomplished by even the least technical user. For the most part, this means the email encryption application should be automatic.
• Encryption should enable the safe delivery of messages to anyone, regardless of their email server or own security protocols (or lack of them). It should look and act just like regular email.
• Content Agnostic. Your email encryption should also encrypt documents, sound files, spreadsheets, videos or any other attachment.
• Only you and your recipient(s) should be able to read the message, not even your encryption provider.
The Importance of Staff Training
With so many people in your organization dependent on email and IM, it is critically important that they are aware of the risks involved and are open to incorporating best practices into their daily routines. Security Awareness Training should be a mandatory part of every team member’s basic training. Security Awareness Training conditions staff not to click or open anything that looks suspicious and focuses on changing human behavior to make security part of workplace culture.
How to Implement Encryption for Your Cyber Security Program
If your organization is not currently encrypting instant messages, and insisting on the use of encrypted email applications, you are putting your organization at pointless risk. DYOPATH works with many different businesses and schools on their cyber security. We can train your staff, help you analyze, procure and implement the best security software and protocols, and work with you to put the processes in place to help you navigate safely through the dangerous online world. Our security offerings are as vast as they are effective. Safer and effective messaging through encryption is a great place to begin.