Data encryption is something that a lot of people interact with without even knowing about it. When you set a PIN on your mobile phone or a password to unlock your laptop, this often ties back to an encryption setting. So if you lose those devices, the data in them is protected.

Although encryption is often transparent, it is important to understand what it means so you can ensure this key security control is configured for all the key devices and systems you use.

What is encryption?
Encryption is a method of converting data in human readable form into a secret code. There are multiple different types of encryption, and you interact with them every day:

Websites and HTTPS
Websites use encryption (also called asymmetric key encryption) when they are set up to use HTTPS. You can tell that a website uses HTTPS by looking at or double-clicking the URL in your browser.

When you access a website using HTTPS, all the information you enter into the website is sent encrypted back to the website owner. The website owner holds the key to turn the secret code back into human readable form. If an attacker were able to view the information in that connection, they would only see the secret code.

Device passwords and PIN
Newer operating systems for mobile phones, tablets, and laptops ask you to set a PIN or password when you set them up. This password is used as an encryption key (also called symmetric key encryption) and is needed in order to unlock and access data on the device. If someone steals your phone, they would need that secret key in order to unlock the device and access the data.

Website and system owners who collect your data also have to care about encryption. For businesses it looks different, but the concept of having a single key or a pair of keys to unlock secret codes is the same.

How to use encryption
You’ll often find the option to enable device or data encryption on any devices you use. You can search your device settings for ‘encryption’ and it should prompt you to create your key.

Treat your device password or PIN like a good password. Keep it unique, long enough, and easy to type in and remember, and keep it safe. If someone else has access to your key, they can decrypt your device and access your data.

When accessing websites, you only have to check the URL and make sure you are visiting the right website and that the website uses HTTPS. Typing the URL into the URL bar yourself is a good way to make sure that an attacker did not trick you into going to their phishing website (which might also use HTTPS!).

What can I do myself?

When processing personal data, ask yourself the following:

  • Do you always handle sensitive information carefully?
  • Is it clear to you what the data you work with (should) be used for?
  • Do you know with whom the data is shared?
  • Do you know who has access to the information?
  • Do you know what to do if you find out that you have access to data that does not belong to you?

What more can you do?

  • Lock your computer when you leave it, even for a short while (usually with Windows + L or Ctrl + Alt + Del).
  • Do not post confidential information on public websites or in the Public Cloud.
  • Never place confidential data on unsecured data carriers (USB sticks, etc.).
  • Do not mail confidential information to your private e-mail address.

Always secure business mobile devices (laptop, tablet and smartphone) with a password, a PIN code, or biometric security such as a fingerprint, iris scan or facial recognition.

Despite all technical and organizational measures to safeguard personal data, the (unconscious) behavior of employees remains the weakest link in the chain. Snowflake Security can help you with this. A course or information session that brings the new legislation to employees' attention and raises awareness of this subject is therefore by no means a superfluous luxury.

Author's Bio: 

Misty Jhones