A common misconception about securing data and the privacy of data communications is that “as long as the connection between the sender and recipient of information is secure then the data itself is also secure”. Nothing could be further from the truth. This was borne out in my last two articles, in which I alluded to the fact that on today’s modern networks, public or private, all data can be hijacked and inspected en route without the sender’s or recipient’s knowledge. Shockingly, I heard State Minister of Technology Julian Robinson, at a recent event he was addressing, say quite nonchalantly that all data and communications are already monitored in one way or another. I am not sure statements like those can be viewed as appropriate coming from the Minister, albeit true.
The reality we all face is that we simply cannot communicate in this day and age entirely on closed systems; we must use public networks, as well as any networks that we must connect to when we’re at our place of work. Regardless of the network we connect to, there is always the possibility of cyberattacks that can compromise the network, and more specifically the endpoints. Endpoints are remote computing devices that communicate with the connected network, and if they don’t have the relevant protection, it is easier for these cyberattacks to happen. Can you think of anything worse? This is why we must be careful when using public networks, because these things could happen. So does this mean that privacy is dead? What is one to do in order to protect electronic data? What happens if my data is lost or stolen in transit? Who will be held responsible in the absence of Data Protection and Privacy laws that treat with these situations?
The truth is electronic data will never be entirely private or secure, but you can make it harder to steal. I often use the example of the home with burglar bars on every window and an alarm system. Burglar bars and alarms are just deterrents because they will not stop a motivated thief from breaking in; they only slow the thief down or encourage them to look for an easier target. This is the choice you face when it comes to protecting your own electronic data: you have to employ deterrents and simply make it more difficult for would-be thieves and hackers. One way to “deter” people from stealing your data is to use a VPN. Use a VPN within your country to minimise how far data is transmitted (hence less time for it to be intercepted).
This is important especially with the advent of portable
data storage devices like CD-ROMs, DVDs, USB (Jump) Drives, Laptops, Mobile
Phones and Tablets. Many of us are walking around with very sensitive data on these
devices with absolutely no protection or encryption installed on them. However, when these devices are lost or stolen the sensitive data goes with them. Remember when
Minister of National Security Peter Bunting’s Blackberry was stolen? I wonder if
that phone was encrypted. Can you imagine what kind of “sensitive”
information could have been on that? Oh, and the BB data wipe would only work
if the phone was turned on and connected to the network so NO that would not
solve the problem. Unless of course the
phone had Lojack installed (which I doubt), in which case GPS could be used to
locate it, turn it on remotely and then wipe it. I digress.
It is no longer good enough to have a simple password on
these devices as the protection method. “Brute Force” password attack
programs can easily circumvent these basic security measures. There are many of
us who don’t even have a password on our computers or mobile devices let
alone encryption. In the case of mobile devices we sometimes use elaborate unlock
patterns as if these methods are unbreakable. It is interesting to note that
some mobile device vendors have recognized the need for more robust security
measures and have started to incorporate clever biometric access methods into
their latest devices.
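To put numbers on the point about unlock patterns, the added example below (not part of the original article) counts every valid pattern on a 3x3 grid and compares that keyspace with PINs and a short password. The grid rules (4 to 9 dots, no repeats, no skipping over an unused dot) are assumed Android-style rules, and all function names are illustrative.

```javascript
// Added example: size of the 3x3 unlock-pattern keyspace under the usual
// Android-style rules (assumed here): 4 to 9 dots, no dot used twice, and a
// stroke may pass over a dot only if that dot is already part of the pattern.
// Dots are numbered 0..8, row by row.
const MIDDLE = new Map(); // "a,b" -> dot lying exactly between a and b
for (const [a, b, m] of [
  [0, 2, 1], [3, 5, 4], [6, 8, 7], // rows
  [0, 6, 3], [1, 7, 4], [2, 8, 5], // columns
  [0, 8, 4], [2, 6, 4],            // diagonals
]) {
  MIDDLE.set(`${a},${b}`, m);
  MIDDLE.set(`${b},${a}`, m);
}

// Count the ways to extend a pattern ending at `last` by `remaining` dots.
function extend(last, used, remaining) {
  if (remaining === 0) return 1;
  let total = 0;
  for (let next = 0; next < 9; next++) {
    if (used[next]) continue;
    const mid = MIDDLE.get(`${last},${next}`);
    if (mid !== undefined && !used[mid]) continue; // would skip an unused dot
    used[next] = true;
    total += extend(next, used, remaining - 1);
    used[next] = false;
  }
  return total;
}

// Number of valid patterns that use exactly `length` dots.
function countPatterns(length) {
  let total = 0;
  for (let start = 0; start < 9; start++) {
    const used = new Array(9).fill(false);
    used[start] = true;
    total += extend(start, used, length - 1);
  }
  return total;
}

// Keyspace sizes for common screen locks, for comparison.
function keyspaces() {
  let pattern = 0;
  for (let n = 4; n <= 9; n++) pattern += countPatterns(n);
  return { pattern, pin4: 10 ** 4, pin6: 10 ** 6, lower8: 26 ** 8 };
}

const bits = (n) => Math.log2(n).toFixed(1); // guessing difficulty in bits
console.log(keyspaces(), "pattern bits:", bits(keyspaces().pattern));
```

Even counting every legal pattern, the keyspace is smaller than that of a 6-digit PIN.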
There is also another common misconception about the
security of proprietary email systems like Microsoft Exchange, IBM Notes or
Novell Groupwise. Use of these types of systems does not mean that email
communications are automatically secure. The security only exists when an email
is exchanged between other recipients within the same system or on the same
message store. However, when a message is sent to an external mailbox (like a
Gmail or Yahoo mailbox) it is no longer secure.
Encryption to the rescue
The best way to start protecting your electronic data from
prying eyes is through use of encryption. This approach to securing your data
is a necessary inconvenience in an increasingly data-driven, digital economy
because digital data is portable and as a result is more vulnerable.
What is Encryption and how does it work?
Encryption is the
process of encoding messages or information in such a way that only authorized
parties can read it. This is accomplished through the use of a “key”.
This key is used to scramble data at its source before it is sent and then to
descramble it at its destination when received. The method of scrambling is
often referred to as the encryption algorithm (an algorithm is a technical term used to define a process used to
perform a specific type of calculation). There are many types of encryption
algorithms e.g. AES, DES, Twofish, Blowfish, TDES, Serpent.
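The key-based scramble and descramble described above, as an added example that is not part of the original article: it uses the built-in crypto module of Node.js with AES-256-GCM and derives the key from a passphrase with scrypt. The function names, passphrases and sample message are constructed for illustration.

```javascript
// Added example (not from the article): passphrase-based encryption with
// Node's built-in crypto module. AES-256-GCM is one way of using AES; scrypt
// turns the passphrase into the key. All sample values are constructed.
const nodeCrypto = require("node:crypto");

// Derive a 256-bit key; scrypt is deliberately slow to blunt brute forcing.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32);
}

// Scramble at the source: returns salt, nonce, auth tag and ciphertext.
function encrypt(plaintext, passphrase) {
  const salt = nodeCrypto.randomBytes(16);
  const nonce = nodeCrypto.randomBytes(12); // must never repeat for one key
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", deriveKey(passphrase, salt), nonce);
  const ciphertext = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return { salt, nonce, tag: cipher.getAuthTag(), ciphertext };
}

// Descramble at the destination. Returns null when the key is wrong or the
// message was altered in transit: GCM refuses to release unverified data.
function decrypt(box, passphrase) {
  try {
    const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", deriveKey(passphrase, box.salt), box.nonce);
    decipher.setAuthTag(box.tag);
    return Buffer.concat([decipher.update(box.ciphertext), decipher.final()]).toString("utf8");
  } catch (err) {
    return null;
  }
}

function demo() {
  const message = "Q3 payroll figures (constructed sample)";
  const box = encrypt(message, "correct horse battery staple");
  const tampered = { ...box, ciphertext: Buffer.from(box.ciphertext) };
  tampered.ciphertext[0] ^= 0x01; // one bit changed somewhere en route
  return {
    readableInTransit: box.ciphertext.toString("utf8").includes("payroll"),
    rightKey: decrypt(box, "correct horse battery staple"),
    wrongKey: decrypt(box, "password123"),
    afterTampering: decrypt(tampered, "correct horse battery staple"),
  };
}
console.log(demo());
```

The salt, nonce and tag are not secret and travel with the ciphertext; only the passphrase has to be kept from whoever intercepts or steals the data.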
Encryption is not a new technology; in fact it has been
around since the early days of Egypt in the form of certain hieroglyphics. The
Greeks also used a form of encryption tool called the Scytale. Later, in World
War 2, the British, American, Japanese and German militaries used encryption
systems for communications, the most notable being the German ENIGMA machine.
Today, encryption systems and methods are available to just
about everybody and the good thing about it is that in many instances you can
acquire very sophisticated data encryption solutions for free. Versions of
popular device operating systems and software like Windows, UNIX, Linux, MacOS,
iOS and Android already have data encryption capabilities built in, which will
allow you to encrypt your emails, documents and even voice communications.
Because of the nature of data communications methods,
encryption of data files and encryption of data communications are not handled
in the same way. As such, email communications, for example, are encrypted using a
different process from data files. So it is important to ensure that you take a
complete end-to-end encryption approach if you intend to secure all of your
information and communications; no weak links can be allowed.
There are many vendors who provide complete encryption
solutions; some of these include Microsoft (BitLocker), Symantec (Endpoint),
TrueCrypt, Sophos (SafeGuard), McAfee (Endpoint), Apple (FileVault),
NewSoftware (FolderLock).
If you want to ensure that your data is protected and
shielded from prying eyes even when it is stolen with or without your
knowledge, ENCRYPT IT!