WATCH The Many Benefits of Encryption – Day 28 of Cybersecurity Awareness Month
Shelly Miller 00:06
I hear about ransomware attacks all the time in the news from the Colonial Pipeline to the Kaseya breach that impacted 1000s of businesses in the summer of 2021. I mean, ransomware causes havoc and damage to our computers and networks. Like did you know that what makes ransomware such a dangerous and effective attack, is the encryption built into its malware? With us to explain benefits and challenges of encryption? Is Craig Taylor, CEO and Co Founder of CyberHoot while ransomware uses encryption and is bad encryption is actually very important for all of us. Am I right? Craig?
Craig Taylor 00:40
100% correct, Shelly. Encryption is what enables the entire internet to function as we know it today. Without encryption, we would be unable to perform most of what we like to do on the online today, such as visit a bank and pay a few bills. Your communication is always encrypted between your computer web browser and the remote banking website. This is a good thing because it ensures you and only you are doing your banking and all your private data is kept secure.
Encryption protects the confidentiality, integrity and availability, what we’ve called and talked about previously, the CIA of data protection.
However, when encryption is built into ransomware, if it’s done correctly, because there’s been plenty of ransomware that can be broken by security researchers and your data can be gotten back by poor implementations of encryption. But when they do it, right, it locks your files up solid, so you cannot get access to them unless you a pay the Bitcoin ransom or whatever Maze ransom, or you restore from a backup, a good backup and so many IT companies have done really great jobs of backing up your data, you get hit with ransomware, you turn to your backups, you’re back up and running pretty quickly.
That’s not, we don’t want to go too far down ransomware because now hackers are releasing your data to the internet. And it’s affecting the confidentiality, not just the availability. But when it’s done correctly, encryption and ransomware is a bad thing. But all the other times for our daily lives and our online internet, it’s a great thing.
Shelly Miller 02:16
Okay, so encryption can be good or bad, depending on how its used. Okay, so what are some of the common ways that encryption should be used to protect businesses?
Craig Taylor 02:25
Well, that’s a great question. For starters, let’s talk about your workstation. If you’re on a Mac, your data is encrypted by default for the last five or six years, or maybe longer, Mac’s automatically encrypt your computer and the data on it with something called File Vault on a Windows computer. Since Windows, I forget how early they introduced the BitLocker.
But with Windows 10 is but it’s on by default, it’s there. You do need to enable it though. And it’s called BitLocker. On the Windows computers, and key management is important there as well. If you imagine in our all our homes, we have those push locks where you can push a pin through the hole and unlock a door that someone locked from inside.
And people put the key, usually above the doorframe. That’s called Bad key management, if you can just pop it open and get in, right? Well, the same is true of computers, if you have BitLocker. And you’re not managing your keys, not on the device itself, but somewhere else. Then if it’s on the device, someone can use that key to unlock the computer and get you know, get access to the data.
So key management’s important. Speaking of backups, though, you have to make sure as a business that you encrypt your sensitive and critical data, both on an online and offline backup for these very reasons. If you have online backups, and those backups are encrypted by ransomware. Well, they’re of no good to, you know use.
Finally, the best advice I can give most companies is to adopt a password manager. And that’s an encrypted database of all the individual employees passwords that they use to do their jobs. It does some other magical things like prevent phishing attacks from working when you’re trying to log into the wrong website, the password manager will refuse. There’s lots of other benefits. But those are three examples of things companies should do to protect themselves with encryption.
Shelly Miller 04:09
Okay, so in summary for individuals, we should make sure we’re working on the web over encrypted communication. So we’re going to check to make sure there’s the lock symbol in our browser. We don’t use or access any websites that doesn’t have the lock. Now we learn and adopt a password manager that encrypts our passwords. And for businesses, we make sure that we encrypt our mobile laptops, practice good key management, encrypt backups and fund the adoption of password manager within the company. Great, these are some of the many ways encryption can protect personally and professionally to keep you safe.
Craig Taylor 04:47
Exactly right. Well said
