We understand the confusion. To answer the question – Encryption is both a good thing and a bad thing.
Thanks to the surge in ransomware, you could be forgiven for thinking that encrypting data is definitely a bad thing. After all, if it’s encrypted, how on earth will it be usable?
In the scenario where you have fallen victim to a ransomware attack, your data is almost certainly irretrievably lost forever. You could pay the ransom if you can afford it. But these are criminals you are dealing with. Who knows whether they will give you the key to unlock all your files? And even if they do, how do you know there isn’t something left lurking in the files to trigger the ransomware encryption again?
You had better have a good, offline backup if this happens. By offline we don’t mean an old-fashioned tape, or a disconnected USB disk. We mean something that has separate, discrete versions of your backup data. For example, cloud-based backup that has multiple versions of your data that can be restored. We also do NOT mean a file replication service like OneDrive, Dropbox, Google Drive etc. They have their place but will not properly protect against ransomware.
However, when you purposefully encrypt your own data, you’re actually adding a level of protection to it. It means that should it be stolen, it’ll be unusable to anyone else. Many people think that if they have a good strong password their data is safe.
We hate to burst that bubble for you – but accessing the data on that computer takes minutes and does not need your password. But if you have encrypted the data then it is a whole different ball game. Encryption keys are very long and secure “passwords” that unlock the encryption so you can read the data.
But less than 50% of companies have standardised end-to-end encryption set up. While they have some level of encryption, they don’t have a documented standard that covers every area of their business.
When you consider that a laptop is stolen every 53 seconds, it’s leaving businesses more vulnerable than they should be.
Microsoft 365 automatically encrypts business data by default. But if you have no other encryption set up across your systems then you still have weaknesses.
We are all used to sending an email with a spreadsheet. But if that spreadsheet contains sensitive data like names and addresses of clients then it is very vulnerable. You can put a password on it to help secure it. But then you have to send the recipient the password, hopefully by a different method of communication than email.
Ideally you would have an email encryption system that detects when an email needs encrypting and securely stores the email for the recipient to log in and pick up. This may seem like a nuisance, but many small to medium businesses were in the habit of emailing the payroll details over to their accountants or outsourced payroll bureau. I hope since GDPR came into force nearly three years ago that these practices have now stopped.
How many times have you quickly copied a file to a USB stick to transfer something to a colleague’s computer? Once you had transferred it, you deleted it from the memory stick, didn’t you? No? You had best go and check. But even if you did delete it, the data could still be on the USB stick!!
So you want to get rid of your laptop because you have a new one. You have deleted all your data and emptied the recycle bin. You even deleted your whole user profile folder just to be extra secure. Job done – hand it over to the charity giving laptops to school kids. You feel good about yourself, and why shouldn’t you, you just did a great thing.
WAIT A MINUTE – what most people don’t realise is that when you delete a file you just delete a reference to it. What do I mean? Think about a book – you have a contents page at the front and an index at the back. Deleting a file is simply like cutting out the entry in the contents page and index. The page with all the content (i.e. file with all the data) still exists. It just might take a bit more effort to find it now.
Firstly, you need to avoid the rookie mistake most small business owners make when they start up. They don’t have loads of business coming in so want a fairly cheap laptop. They buy one with the Windows 10 Home edition operating system. One of the biggest restrictions of the Home edition of Windows 10 is that it does not include BitLocker, which is the bit you need to enable you to encrypt your data.
You can upgrade from Windows 10 Home to Windows 10 Professional. It is not cheap, but it is cheaper than a fine for a data breach. But you also need to check if your computer has a TPM chip. The TPM (Trusted Platform Module) will store the long encryption key for your computer so you don’t have to type this long key in every time you start the computer. Some consumer computers may not have this inside.
You can still encrypt without a TPM but you should use a USB stick every time you turn on your computer. If you lose the USB stick, you can’t get into the computer without the long encryption key.
Let’s assume you are a pro. You never made any of those rookie mistakes and you have a computer designed for business with a TPM and Windows 10 Professional. You can simply press the Windows Start key and type in BitLocker. Manage BitLocker will appear in the search list. Click on that and you can turn on encryption from here. Make sure to use the option for “Full disk encryption”, otherwise all the data in those deleted files won’t get encrypted.
And whatever you do, DO NOT LOSE THE ENCRYPTION RECOVERY KEY YOU HAVE TO SAVE, PRINT OR STORE IN YOUR MICROSOFT ACCOUNT. If you lose it and you get locked out you will not be able to recover your data. That is after all the whole point of encryption in the first place.
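The checks described above (Windows edition, TPM, full-drive encryption, recovery key) can also be run from an elevated PowerShell prompt. The script below is an added example, not part of the original article; it only reports by default, and `$EnableNow` is a hypothetical switch introduced here to gate the step that actually turns encryption on.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article): BitLocker pre-flight check.
$drive     = $env:SystemDrive   # normally C:
$EnableNow = $false             # hypothetical switch: set to $true to encrypt

# 1. Edition: stop early on Home, or wherever the BitLocker cmdlets are missing.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$hasCmdlets = [bool](Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue)
if ($os.Caption -match 'Home' -or -not $hasCmdlets) {
    Write-Warning "$($os.Caption): BitLocker management is not available here."
    return
}

# 2. TPM: is there a chip, and is it ready to hold the key?
$tpm   = Get-Tpm
$tpmOk = $tpm.TpmPresent -and $tpm.TpmReady

# 3. Current state of the drive, and whether a recovery password exists.
$vol      = Get-BitLockerVolume -MountPoint $drive
$recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'

[pscustomobject]@{
    Edition             = $os.Caption
    TpmPresentAndReady  = $tpmOk
    VolumeStatus        = $vol.VolumeStatus
    ProtectionStatus    = $vol.ProtectionStatus
    PercentEncrypted    = $vol.EncryptionPercentage
    HasRecoveryPassword = [bool]$recovery
} | Format-List

if (-not $tpmOk) {
    Write-Warning 'No usable TPM: a USB startup key would be needed instead.'
}

# 4. Encrypt only when asked, only with a TPM, and only if not already done.
if ($EnableNow -and $tpmOk -and $vol.VolumeStatus -eq 'FullyDecrypted') {
    # Create the recovery password first so it exists before the drive is locked.
    if (-not $recovery) {
        Add-BitLockerKeyProtector -MountPoint $drive -RecoveryPasswordProtector | Out-Null
    }
    # Omitting -UsedSpaceOnly encrypts the whole drive, including the space
    # that still holds the contents of deleted files.
    Enable-BitLocker -MountPoint $drive -TpmProtector -EncryptionMethod XtsAes256
    Write-Host 'Save or print the recovery password now, away from this computer:'
    (Get-BitLockerVolume -MountPoint $drive).KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword' |
        Select-Object KeyProtectorId, RecoveryPassword
}
```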