|Volume 4 Issue 8||August 2010|
|In This Issue|
|Data Security: What's the best way to protect my electronic files? Use encryption|
|Data Security: What's the best way to protect my electronic files? Use encryption |
Many years ago I was working with a client who traveled a lot with his laptop computer. We had already set his computer to require his user password whenever it started up or woke from sleep. He asked, "What if someone steals my laptop? Can they get past that password?" I told him there were at least three ways a technically inclined thief could access his data after stealing his computer:
At the time I didn't have a good solution to recommend, but since then I've learned that the best defense against all of the above possibilities (and more) is to use encryption to protect your data.
Encryption may also be important to implement on your computer as another step toward becoming compliant with the new Massachusetts Data Security law.
A simple example
Do you remember playing with "secret codes" when you were a child? The message "HI THERE!" becomes "IJ UIFSF!" using a simple code that says "change A to B, B to C, C to D, etc., but don't change spaces and punctuation." Thus, H becomes I, I becomes J, T becomes U, etc. To decode such a secret message (if you know the code) you reverse the process (B becomes A, etc.). You could call this a "letter-shifting" code that shifts by 1 letter.
A letter-shifting code that shifts by 2 letters would change A to C, B to D, C to E, etc.
What if you didn't know the code? If you knew that the secret message was probably in English, since the most frequent letter in the coded message is "F," you might guess (correctly) that it probably represents the letter "E," which is a good start towards deciphering the message.
More generally you could describe this type of code as a "letter-shifting" code that shifts by "n" letters, where "n" is a number from 1 to 25. (Shifting by 26 letters would turn A into A, B into B, so it wouldn't change the message.)
What is encryption?
Encryption turns information into gibberish in order to prevent unauthorized people from being able to use that information, while also preserving the ability to decode it back into its original form.
In general, encryption has two important parts:
Here's an analogy: Instead of putting your (readable) sensitive papers in a locked file cabinet, where picking or breaking the lock gives a thief complete access to all of those (unchanged) papers, encryption changes the information on those papers into nonsense. So, whether you locked them in a file cabinet (certainly a good idea) or simply left them out for all to see, a thief would have to decode them in order to get that information. The tougher the code, the stronger the password, the better protected your data will be.
Many older encryption algorithms have been "broken." There are now well-known methods that easily decode them, much like older skeleton-key locks or pin-and-tumbler locks won't stop an experienced thief.
Examples of weak computer encryption include:
The best modern (and currently unbroken) algorithms I've seen are:
Certain programs you use every day already use encryption:
Even the best encryption algorithms won't protect your data very well if you choose weak passwords (short, simple, easy-to-guess, involving personal information about you, or common English words). Strong passwords are at least 8 characters long, use a variety of characters (lowercase, uppercase, digits, and punctuation), and avoid personal information and common words.
Another important use of encryption: Protect your backup
If you use an external hard drive or flash drive to back up your data, would that data be secure if your backup drive were lost or stolen? If your backup were encrypted with (say it with me) a strong password, then the answer is Yes!
If you're using an online service for your backup, they probably use encryption to transmit your data over the internet to their computers. However, unless you choose the encryption password before your data leaves your computer, the employees working at the service can probably access your data. What if they don't wipe their old computers before replacing them? What if a thief (or an employee) broke into or stole one of their computers? I'm not convinced an online backup service is the best choice when it comes to encryption, unless you encrypt your data before the service backs it up.
What's it like to actually use encryption?
Here's one way I've put encryption into practice in my daily work:
I have a number of documents relating to certain clients. I used to keep these files in a regular folder called Clients, with a subfolder for each active client. A few months ago I encrypted it:
Can someone still crack my encryption and access my data?
There are many methods that thieves may use to successfully decode your encrypted data, including:
If you have any comments about this article, send me a reply!
If you have a topic that you'd like me to write about, I'd love to hear about it!
How to contact me:
phone: (617) 484-6657
On a regular basis I write about real issues faced by typical computer users. To subscribe to this newsletter, please send an email to firstname.lastname@example.org and I'll add you to the list, or visit http://www.kadansky.com/newsletter
Did you miss a previous issue? You can find it in my newsletter archive: http://www.kadansky.com/newsletter
Your privacy is important to me. I do not share my newsletter mailing list with anyone else, nor do I rent it out.
Copyright (C) 2010 Kadansky Consulting, Inc. All rights reserved.
I love helping people learn how to use their computers better! Like a "computer driving instructor," I work 1-on-1 with small business owners and individuals to help them find a more productive and successful relationship with their computers and other high-tech gadgets.