Data encryption in a nutshell

Data Encryption in a Nutshell

Data is the most valuable commodity of the digital age, fuelling the global economy, generated and consumed in vast quantities by every application we use for business, entertainment and services. 

Like anything of value, data is at risk from thieves and malicious third parties who can benefit from acquiring it. This particularly includes personal data, which could grant access to an individual’s financial information or sensitive information held by an organization or business they are affiliated with, which could include information on customers, users and employees. In worst case scenarios people can have money stolen from their bank, and the leaking of company secrets, business plans and internal information not intended for sharing can even lead to an organization failing if it gets into the wrong hands.

That’s why we use encryption tools on computers and on the internet to protect stored data. Safeguarded by a key, in the from of a password, pin code or biometric information (such as facial, voice, or fingerprint recognition), private data is jumbled up with a complex algorithm that (in theory) would take enormous amounts of time to decode on any computing device that exists today. By granting access only to a trusted third party by giving them the key, that data should be only accessible by those who are authorized to use it.

The art of encryption has existed outside the realm of computers and digital data for millennia as a means of preventing eavesdroppers from intercepting messages. With recorded examples of encrypted messages dating back to the days of Julius Caesar, a simple algorithm called ROT13, which also became known as the “Caesar Cipher”.

But today’s digital encryption is considerably more advanced than during the time of The Roman Empire. The strength of the encryption, and therefore how difficult it would be to crack (by guessing the password key), is determined by the algorithm applied to the data encoding, and the complexity of the keys used to decrypt the data.

The industry standard data encryption algorithm used across the world today is known as AES (Advanced Encryption Standard) which was a specification established by the US NIST (National Institute for Standards and Technology). With varying key lengths, the most secure version uses 256-bit decryption keys, meaning an astronomically high number of attempts would be needed to guess an individual key.

However, as we’ll explain, there’s a bit more to safely securing sensitive information than encryption alone.

What, when and where to encrypt

At home, you probably think nothing about copying images, music or video to the nearest spare external storage device you have, ready for transferring across to a secondary computer, viewing on a big screen or lending to a friend. Have you thought about what would happen if you lost the drive with all the files on it? Would you want a stranger accessing that drive? Some of the time, it might not matter. A few copied movies or songs aren’t worth worrying about, right?

But how about images with family members or friends in them, or something precious or private to you? It’s never ideal to imagine a stranger viewing our intimate photos - possibly followed by sharing them with other individuals. What about personal documents? That job application with your personal history on it, your university thesis you’ve invested huge effort into, a digital application form with your name and address, bank details and so on? Clearly there are many reasons to keep this information private.

Since we’re all human, nobody is immune to absent-mindedness now and then, and it’s all too easy to lose small devices in public places. USB drives, phones, tablets and even entire laptops are constantly lost all around the world in public locations. Not to mention the additional risk of theft.

Likewise, what happens when you need to dispose of an old hard drive or SSD, or you’re selling on an old computer you’ve used for years? Its internal storage will be full of your personal data. Without correctly wiping the drive before you sell it on, with the right tools the new recipient can access that old data if you haven’t safeguarded it. If you’re worried about data on an old PC or storage device you’re looking to sell or dispose of, there are environmentally-friendly, non-destructive ways to safely ensure the data cannot be read from it. Have a look at our guide to secure data destruction for more information.

Whether your device is stolen, or you’re ready to dispose of data, encryption matters. If the data you carry with you has value, then you should consider protecting your devices with encryption.

This is particularly true in the workplace, and has become especially relevant in modern times with the popularity of hybrid work roles, where an individual may regularly transfer their work between the home and office, often in an insecure manner.

Work documents potentially carry more risk if lost - and more value if acquired by a malicious third party. Losing internal business data, financial information and company plans stored in documents and spreadsheets not only carries a damaging business risk for an organization but a reputation risk as well - potentially leading to future customers having second thoughts about dealing with that company.

What’s more, laws in the US (state-to-state data privacy laws such as CCPA) and the EU (GDPR) impose penalties on companies for mishandling customer data of their citizens, with fines regardless of where that company is located.

One of the most common ways companies mishandle customer information, and therefore leave themselves at risk of violating these data laws, is by losing unencrypted devices. Many historic examples of high-profile cases where government agencies and corporations have misplaced company information were caused by losing laptops, phones and USB sticks.

How to secure your data with a password that’s difficult to crack

As we mentioned, there’s more to encryption than mere algorithms. Another essential component of security is the key used to encrypt data, such as a password. Choosing an insecure password is like leaving the key to your house under the mat - no matter how strong the lock on the front door, you’re handing intruders an easy way in.

Straightforward advice is to never write the password down on paper and leave it near your computer. Post-it notes with passwords on the front of a screen are a common sight in movies whenever a computer is broken into, but this poor security practice has its roots in real-world behavior as well.

The longer a password is, the better, but it’s also preferable to avoid familiar names, words and phrases. A lot of people (still!) succumb to the temptation of using simple familiar words such as “password” to protect data, or common words from everyday English.

Rather than attempting a brute force attack, would-be hackers try using a dictionary of common English terms, combinations of those terms and numbers, typical family names and lists of passwords that had been previously uncovered in successful hacks over the internet.

With some hacking systems capable of testing millions of passwords, it’s not uncommon for people to find their data has been stolen due to their use of insecure or regularly reused passwords.

For website logins, modern operating systems as well as popular browsers and third-party password managers will automatically suggest strong passwords that contain no dictionary words, store them safely and only allow access from a single master password or biometric information. These lists of longer combinations of seemingly random characters is without a doubt the best way to manage logins online, but there are still a few weak points in this security to be aware of. If you leave your computer unlocked with the password manager open, a third party with direct access to your computer may be able to quickly access your passwords without you noticing. And in many cases, biometric authentication on phones offers an alternative unlock method using a pin code and using this circumvents the biometric authentication.

Ensuring valuable files are encrypted with a secure password is fundamental to data security. By choosing a password that will be either impossible or extremely difficult for hackers to guess, you’ve already gone a long way towards protecting your data, ensuring intruders don’t have an easy way of circumventing the protection you’ve chosen.

Software encryption

Password security matters a lot to ensure safe online transactions. But it’s also critical for software used to encrypt storage devices. Operating systems give you the option of formatting a drive with encryption, and there are many options for third-party encryption software that can accomplish the same task.

However, encryption via software has some weaknesses. If, for example, you encrypt a storage device by formatting it with Apple’s Disk Management utility, you have the option of storing the key in iCloud. If someone gets access to your iCloud account, the key to unlock your storage is also available to them. There is also the risk of key logging malware. Every time you want to unlock the disk, you have to type the decryption key using your computer’s keyboard. Certain kinds of malware may record your key strokes and send them to hackers, unmasking your password protection. This kind of malware is quite common, and while it’s always sensible to run virus scanning software, especially in business environments, this may not catch every possible piece of malware that exists. Not to mention if you leave your PC unattended with the drive unlocked, anyone with physical access to your computer may be able to access the files.

What’s more, data transfer speeds can be significantly reduced with a software-encrypted drive, with more burden placed on your computer’s processor, slowing down other computing tasks as well.

That said, software encryption is a better solution than leaving important data on external drives with no encryption at all. However, it is not the best option. Read on to discover a better way to keep data secure on external devices.

Hardware encryption is the most secure solution

The best way to keep data safe is with hardware-encrypted storage. It mitigates the weaknesses of software encryption by ensuring password input and storage remains on the device, independent of your host PC. A hardware-encrypted drive is far more difficult to crack than a drive protected by software.

It’s easy to understand how secure a hardware-encrypted device is thanks to independent certification that describes the strength and complexity of the security.

The NIST issued the FIPS (Federal Information Processing Standard Publication) 140-2 standard to approve hardware cryptographic modules, and it is this standard that guarantees high quality protection for data. FIPS 140-2 has multiple “levels” of security representing both data encryption and physical safeguards to prevent tampering with the onboard chips on a certified device.

With this label, you can be confident the device you’re using employs a tried-and-tested secure encryption algorithm, with numerous additional security features that will make it difficult - almost impossible - for attackers to gain access to your data.

This peace of mind is especially important in corporate environments, where sensitive data may be transferred around the office all the time. In the workplace, the risks of using unencrypted USB drives has led IT admins to completely disable USB ports on employee workstations, in some cases preventing the use of any USB device of any kind. While this option helps avoid the risk of leaking files via unencrypted USB drives, team members with hybrid roles or involving any kind of remote work may find it more difficult to fulfill their roles. Individuals may still need access to company resources. and a USB ban could even lead to employees resorting to other insecure methods of file sharing, such as via personal email and Google Drive accounts.

A better and safer long-term solution is for a business to embrace a policy of secure file sharing among employees, using hardware-encrypted storage devices that avoid the problems of both unencrypted and software-encrypted storage. With a working data security system in place that ensures secure data transfer and mitigates the vulnerabilities of unencrypted USB, there is no need to affect employees’ productivity from using external USB devices, and less chance employees will engage in alternative insecure data sharing methods.

Secure Data encrypted drives

The award-winning encrypted storage from Secure Data Recovery is built with Cyber Security in mind, mitigating modern threats to data security, for situations where both business users and consumers will want to ensure their data stays safe, even if a device is lost.

With built-in hardware encryption, both SSDs and USB memory sticks from Secure Data are AES-256-bit encrypted, featuring number pads on the device itself for passcode entry, sidestepping the need to rely on software on a host computer that may be vulnerable to key loggers. In this way, data security is independent of any single computing device.

IT admins can rest easier with full control over IT policies using the SecureGuard software within their organization that allows them to blacklist or whitelist devices. In this way, USB ports can be configured to only allow Secure Data encrypted drives, keeping unsafe, unencrypted USB drives out of a network but still enabling remote file transfer for employees by using Secure Data storage.

With SecureDrive BT and SecureDrive Duo, data can be remotely wiped if the device is lost. And to ensure data can’t be overwritten, Secure Data drives can be configured as read-only by an administrator, according to the needs of the organization.

Adhering to the FIPS-140-2 Level 3 standard, Secure Drives are also coated with internal epoxy resin to provide evidence of when the internal flash chips within a drive have been accessed. In situations where a lost drive can be recovered, this provides additional insight into data loss for IT admins to better understand the chance data has been accessed, and act accordingly.

This combination of security features means your data is totally safe with Secure Data Recovery External Storage Solutions. If you want to keep your data safe or are experiencing data loss on an encrypted drive contact our trusted team of experts for help.

Article by

T.J. Burlee is a content writer for Secure Data Recovery Services. He specializes in various topics in the data industry, including data recovery technology, storage devices, and digital forensics. Throughout his career, he has covered complex concepts and provided accessible solutions for users. Before joining Secure Data, he worked as a freelance technical writer.

Need Our Professional Services?

Related Articles

;