By Dave Moore, CISSP
07/24/2022
The best way to protect computerized information from the bad guys is to use encryption. Whether it’s financial and medical information stored on your computer or private data sent across the Internet in an email, encryption transforms your personal information into a secret code that can only be unlocked if you have the key.
Don’t be put off by any of the unfamiliar terminology that may be involved. Using encryption does not require a degree from James Bond University or permission from the CIA. Many modern encryption products are so easy to use that, yes, even cave dwellers can use them.
When securing your data, there are two main areas where encryption should be used, known as “data at rest” and “data in motion.” “Data at rest” is information that is simply being stored on hard drives, flash drives, etc. “Data in motion” is information that is in transit between devices, such as across a network or the Internet.
There are many good products that will encrypt data at rest and most of them work around the same set of principles, which are similar to installing a wall safe in your home. The first step is to create an encrypted folder or “container;” this is your safe. Next, you assign the folder a password or “encryption key;” this is the combination to your safe. Finally, you put items that you want to protect into your safe, i.e., your encrypted folder. From then on, anyone that wants to access those files that you have protected will have to know your special encryption key, which, of course, you will keep secret. It really is that simple.
While both Windows PC’s and Apple Macs can have built-in encryption functions, they are often too restrictive in their hardware requirements and ease of use for many folks, so I recommend third-party encryption products.
One product that I like for data at rest is called Cryptainer LE, which can be found at cypherix.com/cryptainerle. Aimed at Windows users, Cryptainer LE, perfect for home users, is the free version of Cypherix’s more industrial-strength encryption products and is easy-as-pie to use. Like most encryption products, Cryptainer LE will also let you protect files on removable flash drives, portable hard drives and even CDs. Those in business settings will probably want to opt for Cypherix’s more powerful products which, starting at $30, are a bargain.
Mac (and, Windows) users should check out Veracrypt at www.veracrypt.fr. While Truecrypt is not as drop-dead easy to use as Cryptainer, it’s not terribly difficult to use, either. It is very strong encryption and is an excellent choice for PC and Mac users. It is one of the few free encryption options approved for use by employees of many major corporations.
Data in motion needs attention too, specifically, email. Let’s face it, though, most email sent by most email users does not need strong encryption. But when it does, the most drop-dead easy way to deploy encrypted email has to be from a company in Switzerland called ProtonMail (protonmail.com). You just sign up for an account, get an email address and start using it. There are free accounts for personal use, and paid accounts, starting at 4 Euros per month (about $4.08 U.S.) for businesses.
Books can be (and, have been) written about file encryption, and there are numerous encryption methods available; too many to mention here. This should be enough information, though, to get you started and thinking about the subject. For some very entertaining, enlightening and educational reading on the subject, check out Steven Levy’s book “Crypto.”
Home users will want to protect their important QuickBooks and TurboTax files, as well as financial and medical information. Many businesses, such as those in the legal, financial and healthcare industries are now required by law to use due diligence in protecting sensitive personal and private information; encryption is how it’s done.
While I don’t recommend storing anything on your phone that would require encryption-level protection, for folks who just can’t seem to control themselves, you’ll want to enable encryption on your phone. On iPhones, make sure you use at least a six-digit PIN; check Settings, FaceID & Passcode, and make sure it says, ” Data protection is enabled” at the bottom. Android users, see Settings – Security – Encrypt device.
Dave Moore, CISSP, has been fixing computers in Oklahoma since 1984. Founder of the non-profit Internet Safety Group Ltd, he also teaches Internet safety community training workshops. He can be reached at 405-919-9901 or internetsafetygroup.org