How does encryption work?
Did you know that by 2025, globally, the amount of data generated in the cloud or connected servers will reach around 463 exabytes, each day? One exabyte is one billion gigabytes!
This figure from SeedScientific highlights just how much data businesses collect and store and is the reason why data must be kept safe from breaches and other cyberattacks. One of the ways to do this is through encryption which is already used in many of our daily online activities without you thinking about it, like in our online banking, shopping and browsing.
Encryption is the digital equivalent of an unsolvable jigsaw puzzle. It’s a way of scrambling information so that only the intended recipient can understand it. Encryption is an essential part of modern communication and commerce, allowing us to send sensitive, confidential or personal information over the internet without fear of it falling into the wrong hands.
With businesses storing their information in the cloud or on servers with an ongoing connection to the Internet, your data is most likely going to end up on another organisation’s systems, so it’s important to keep this data private.
What is encryption?
At its most basic level, encryption involves taking a message or piece of data and scrambling it using a mathematical algorithm. This algorithm is designed to be extremely difficult to reverse, meaning that anyone who intercepts the message will not be able to read it without the encryption key, which the recipient has, which then unscrambles it back into plain, readable text.
Encryption protects the data you send, receive and store on devices, whether it be text messages, running logs saved on your Apple Watch or banking information sent through your online account.
How does encryption work?
Think of encryption as a secret language between two people, the language being called, cipher text. Imagine you and a friend agree to use a secret code where each letter of the alphabet is represented by a number. You can use this code to send messages back and forth without anyone else being able to read them, as long as they don’t know the code.
In the digital world, encryption works in much the same way. When you send a message or data over the internet, it’s first encrypted using an algorithm that generates a unique key. This key is a long string of random numbers and letters that is used to scramble and unscramble the data in a process called decryption. Without the key, the encrypted data is unreadable.
This key can be generated through a couple of methods. Through Bit Sequence, or key space, where it specifies the units for the number of possible key combinations, with the bigger the key space, the stronger the encryption; as well as through Password-Based Key Derivation Function 2 (PBKDF2) which creates keys from a random string of passwords which then goes through Bit Sequence.
Types of encryption
There are two main types of encryption:
Symmetric encryption: where the same key is used to encrypt and decrypt the data. With symmetric, both the sender and receiver must have access to the same key.
Asymmetric encryption: this uses a pair of keys, one public key and one private key. The public key can be shared with anyone, while the private key is kept secret. When someone wants to send a message to you, they encrypt it using your public key. Only you can decrypt the message using your private key.
Encryption is used in a wide range of applications, from online banking and shopping to secure messaging and file storage. It’s also used by governments and military organisations to protect sensitive information.
There are different types of encryption algorithms, such as the now-obsolete Data Encryption Standard (DES) established by the U.S. government in 1977; Triple DES strengthens the DES through encryption, decryption and another round of encryption; RSA is popular for its key length; Advanced Encryption Standard (AES) was developed as the U.S. government standard in 2002 and is used worldwide; TwoFish is one of the fastest algorithms used both in hardware and software and is free to use.
One of the most common encryption protocols used on the internet by reputable websites is SSL or Secure Sockets Layer. This protocol is used to secure connections between web browsers and servers, allowing you to safely enter sensitive information like credit card numbers and passwords. SSL works by establishing a secure connection between your browser and the server using a combination of symmetric and asymmetric encryption. You can tell a website is using this technology by looking for the padlock icon in the URL bar and the ‘s’ in the ‘https://.’
Ensure you and your staff are only using sites using SSL when you’re storing or sending sensitive data, like purchasing something, filing taxes or doing other business-related tasks. Most email clients also come with an encryption option in the setting menu, so check that this is available so that your emails are being sent over an encrypted connection and that each email is then encrypted.
Encryption and Cybercrime
Encryption can also be used by cybercriminals to attack you, such as in ransomware attacks. Other than ransomware breaches that steal your organisation’s data and demand a ransom to prevent them from releasing that data, another attack involves hackers encrypting computers and servers of businesses and then demanding a ransom to provide the key to decrypt the data.
To protect yourself and your business from ransomware attacks, install and use security software on all your devices and make sure these are up to date. Update your operating system and other software you use as these often patch vulnerabilities found by the vendor. Be incredibly wary about email attachments, never opening any you’re not specifically waiting for. If an email tells you to enable macro settings to open attachments, doing so can cause macro malware to infect your files. Make sure your data is backed up in multiple locations, such as on the cloud, so that you can simply go back to the unencrypted form if in a ransom attack and above all else, don’t pay the ransom. The Australian Government states not to as there is no guarantee the criminal will release your data back to you.
Why is encryption important?
In our digital age, encryption matters. The internet comes with a magnitude of privacy concerns, both nationally and globally, and encryption is another layer of online privacy you can use to send your personal information securely. Government regulations also require industries to implement security measures that protect customers’ information, such as healthcare providers protecting patients’ sensitive information that is stored online and higher education institutions protecting student records. Any breach can cause an organisation to violate The Privacy Act 1988 and can see businesses facing hefty fines, data loss and loss of trust and reputation.
Encryption is an essential part of modern communication and commerce. It allows us to send sensitive information over the internet without fear of it falling into the wrong hands. Whether you’re shopping online, sending emails or storing files in the cloud, encryption is there to keep your data safe. So, the next time you use the internet, take a moment to appreciate the technology that’s working behind the scenes to protect your privacy and security.
