Is the data on your phone or laptop encrypted? Should it be? And what does encrypting your data do to it anyway? Here we’ll explain the ins and outs of encryption, and how you can make sure that everything in your digital life is safe from prying eyes. Encrypt your devices IMMEDIATELY!
Despite some of the complicated math involved, encryption isn’t difficult to understand—simply put, it locks your files and data away using a secret code, just like a pair of spies might talk in code to hide what they’re really saying. If anyone else overhears that conversation, it sounds like gibberish, and it’s the same with encrypted files.
What is encrypted data?
To make sense of encrypted data, you need the key to the code, which on your phone is often your PIN number—get past the lock screen, and your files and apps are no longer gibberish. That’s why being able to unlock an encrypted phone is so important to making sense of the data on it.
It applies to data we have stored on our devices and data we send through the air, to and from the internet. Apps with end-to-end encryption can’t be spied on, much to the chagrin of law enforcement agencies and governments worldwide, and only the sender and intended recipient gets to see the real message.
You can go a long way down into the technical details of encryption, but it essentially just scrambles the data. The number of “bits” is often listed next to the type of encryption being used tell you how many possible combinations there are for the unlock code—something locked with 256-bit encryption would take a bank of supercomputers billions of years to decode using brute force alone.
“If the disk is not encrypted your device can easily be booted off a USB drive and the unencrypted data extracted,” explains cybersecurity expert Professor Alan Woodward from the University of Surrey. “You can even just take out the hard drive and mount it on another machine to examine data unless the disc is encrypted.”
Different types of encryption algorithms have been developed for different purposes, with varying compromises between complexity and speed, though most of the time you won’t have to worry about which flavor of encryption you’re using (most of the time you just won’t get a choice).
For example, the encryption on the iPhone is the 256-bit AES standard also used by the US military, which has the benefit of being both very speedy to apply and impossible to crack by running through the various unlock code combinations, as we’ve already pointed out.
If you do get a choice, Professor Woodward recommends looking for packages and encryption methods that have gone through some kind of public audit or independent testing to verify the methods used.
“In some cases, such as the encryption supplied by Apple and Microsoft, you have little choice but to accept their assurances, but if using a third-party package look for audits,” he told Gizmodo. “It’s the same as with secure messaging apps, it’s a sign of how robust the developers believe their system to be if they put it up for scrutiny.”
If your data isn’t encrypted, anyone who happens across your phone or laptop can get at the files within pretty easily; with encryption added, accessing the same data becomes very, very difficult (though not impossible, if other security loopholes can be found on the device). But do you need it in place if you’re not carrying government secrets or company financials with you?
As security expert and Chief Technology Officer at IBM Resilient Bruce Schneier puts it in his blog: “Encryption should be enabled for everything by default, not a feature you turn on only if you’re doing something you consider worth protecting.”
“This is important. If we only use encryption when we’re working with important data, then encryption signals that data’s importance. If only dissidents use encryption in a country, that country’s authorities have an easy way of identifying them. But if everyone uses it all of the time, encryption ceases to be a signal.”
Even if you don’t mind the thought of other people rifling through your folders of GIFs and angry letters to your Internet Service Provider, any device you own contains a wealth of information about you that’s best kept private, from contacts to browsing histories.
“Whether you think it worth doing is really whether you think your device has valuable data,” says Professor Woodward. “You’d be surprised what you do have: Contacts, emails, passwords. People underestimate the value of these to criminals. So, on the whole I think it is worth doing.”
You’re building a wall between everything on your phone or computer, and anyone else who might want to look at it who isn’t you. The good news is, encryption has become so important that a lot of devices now include it by default, so you don’t necessarily need to do anything to stay protected.
If you need assistance with encrypting and protecting your devices, our KJONGSys JUICE Support Center Associates can help you, even remotely! Get in touch with us today to learn more.