We need to start encrypting our information.
For businesses, this requirement is driven by laws. In the United States, some of these are as follows.
- HIPAA - medical industry
- SOX - companies that sell stock
- GLBA - finance industry
- FERPA - schools
Imagine what would happen if your smartphone were stolen with all of your banking information on it.
There are several different approaches.
- Data encryption
- File encryption
- Email encryption
- Disk encryption
First - ordinary data encryption.
There are two encryption strategies: public-private and symmetrical.
Most of us are familiar with HTTPS, which is used for data encryption in web pages and email. This uses two keys: one public key and one private key. Each key pair is matched and unique. The public key is shared with the sender. The private key is not. The public key for a destination is used to encrypt data. Only the private key held by the recipient can be used to recover that information.
The private key is typically protected with a pass-phrase.
The other strategy uses the same key at both ends. This is symmetrical encryption.
In these examples, you first enter your key. The key can be anything, like a phrase chosen randomly from your favorite book. Next you enter your data that you would like to protect. That data is the information you wish to send. Finally, you click the 'encrypt' button. This uses the key to scramble your data so that it cannot be read.
During the next process, you split the key from the encrypted data and send each separately. For example, you can send the key using an SMS text message and you can send the encrypted data using email. The use of different kinds of transmission increases the difficulty associated with intercepting and reading the data.
Finally, the received key and encrypted data are entered into the same web page at the receiving end. The recipient clicks the 'decrypt' button to get the original data back.
Congratulations. You've learned to protect your private data.
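The encrypt and decrypt steps described above, as an added example that is not code from the original page. It assumes Node.js and its built-in crypto module; the choice of scrypt and AES-256-GCM, the function names, the blob layout and the sample values are assumptions made for illustration.

```javascript
// Added example: pass-phrase based symmetric encryption (assumed design, not the page's tool).
const nodeCrypto = require("crypto");

const SALT_LEN = 16; // fresh salt per message, so one pass-phrase never yields the same key twice
const IV_LEN = 12;   // 96-bit nonce, the usual size for AES-GCM
const TAG_LEN = 16;  // GCM authentication tag

// Stretch the human-chosen pass-phrase into a 256-bit key with scrypt.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32);
}

// 'encrypt' step: returns base64(salt || iv || tag || ciphertext).
function encryptMessage(passphrase, plaintext) {
  const salt = nodeCrypto.randomBytes(SALT_LEN);
  const iv = nodeCrypto.randomBytes(IV_LEN);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", deriveKey(passphrase, salt), iv);
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]).toString("base64");
}

// 'decrypt' step: throws if the pass-phrase is wrong or the blob was altered in transit.
function decryptMessage(passphrase, blob) {
  const raw = Buffer.from(blob, "base64");
  if (raw.length < SALT_LEN + IV_LEN + TAG_LEN) throw new Error("blob too short");
  const salt = raw.subarray(0, SALT_LEN);
  const iv = raw.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const tag = raw.subarray(SALT_LEN + IV_LEN, SALT_LEN + IV_LEN + TAG_LEN);
  const body = raw.subarray(SALT_LEN + IV_LEN + TAG_LEN);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", deriveKey(passphrase, salt), iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(body), decipher.final()]).toString("utf8");
}

// Returns true when decryption succeeds and false when it is rejected.
function canDecrypt(passphrase, blob) {
  try { decryptMessage(passphrase, blob); return true; } catch { return false; }
}

// Constructed sample values: the pass-phrase travels by one channel, the blob by another.
const samplePassphrase = "it was the best of times, it was the worst of times";
const sampleBlob = encryptMessage(samplePassphrase, "Account 0000-1111, PIN 2468");
console.log("send by email:", sampleBlob);
console.log("right pass-phrase:", decryptMessage(samplePassphrase, sampleBlob));
console.log("wrong pass-phrase accepted?", canDecrypt("a different phrase", sampleBlob));
```

Because the cipher is authenticated, a wrong pass-phrase or a modified blob produces an error rather than unreadable output that looks like a successful decryption.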
Now on to file encryption.
Files are typically encrypted when attached to email.
These are some popular file encryption tools.
File encryption tools rely on the same techniques that are described above. These typically depend upon symmetric encryption, where the same pass-phrase or key is used to encrypt and decrypt.
Mail encryption is different. It relies on public-private key encryption, and you will need to create a key pair. The private key will be protected by a pass-phrase that you must not lose.
You typically include your public key as an attachment on all of your outgoing email. That public key is used by others to encrypt mail that only you will be able to read. The private key is configured into the email application, and you will need to enter your pass-phrase to read encrypted mail.
Whole disk encryption prevents portable devices and data from being used if anything is lost or stolen. This makes information worthless without the proper key.
- Disk Utility (Mac only - built in)
- TrueCrypt
- DiskCryptor
- GPG Disk Encryption
- PGP Whole Disk Encryption
- BitLocker (Windows only)
- The Vault (iPhone)
- Android (built in)
Again - encryption will make your device or data inaccessible if you forget or lose your pass-phrase or key.