Data Encryption: How to secure your data

For some of us, most, if not all, of our vital life records are stored on our computers: financial records, academic records, transcripts, health records, birth certificates, pictures etc. Some of us even make the extra effort to digitize the records that only exist on paper.

This means that having access to our computer gives access to our personal data. Protecting our privacy therefore means securing the data stored on our devices.

In some situations, when we lose our computer, our primary concern is not losing the device itself, but the fact that we are no longer in control of our data. The most worrisome concern is the possibility of others getting access to our data.

Today, most average computer users back up their important data, either by using local external storage (like external hard drives, NAS and thumb drives) or a cloud storage service (like Google Drive, Dropbox etc).

Although backing up our data as often as we can is a good practice, it also exposes our data. The more places we back up our data to, the more places we need to secure. When our computers get into the wrong hands, all our data is put at risk. This includes our cloud-stored data if it is synced with our computers.

Protecting our computers with OS passwords only stops an average user from accessing our user accounts on that OS. OS passwords only protect our Home Folder, not our whole disk (C:/ in Windows, or Macintosh HD and Library in macOS). Every superuser knows that bypassing or resetting an OS user password is feasible. And if that proves hard, all an adversary needs to do is remove the computer's hard drive and use tools like FTK Imager or EnCase to view our files, and possibly even retrieve deleted files.

In some cases, we don’t have to lose our devices to grant unwarranted access to our data. In order to comply with the law, we have to hand over our devices for inspection (not our data, but our devices). If you have been following the news lately, then you have heard about how the Government wants to go through users’ data. Airport security now goes through travelers’ computers at the airport. (I understand this practice is only limited to the US, but it is only a matter of time before other Governments request the same.)

So protecting our data means ensuring that even if someone has access to our computer, they can’t make sense of our data without our authorization. Whether one has sensitive proprietary data or just personal data (like pictures), it is of paramount importance that we protect our privacy by securing our data. The best way to ensure our data is protected and secured is by encrypting it.

What is Encryption?

In simple words, Encryption is a method of converting information into a form that is unreadable to anyone but its intended audience. In modern times, this involves protecting data transmitted over the internet, stored on our computers and storage devices.

Encryption and Decryption Process

Encryption is not new; it predates technology. Cryptography is the discipline dedicated to studying how to encrypt and decrypt information. Different computer encryption algorithms exist; some have been broken, and some are yet to be broken. (I said “yet” due to how fast computers are becoming.) Some of the popular encryption algorithms are RSA, AES, Blowfish etc. To know more about encryption, read about Cryptography.

How to encrypt your data

Today, most devices come with some sort of encryption. Almost every OS can be encrypted by simply turning the feature on, and the user password tends to serve as the encryption key. Other devices, like thumb drives and external drives, need a little bit more than just turning it on. With external storage, one can always create an encrypted vault that is only accessible with a password that serves as the key. With this, the chances of an adversary decrypting an encrypted storage depend upon the strength of the password. Hence the need to learn “How to properly set up a password”.
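To make the link between password strength and vault security concrete, here is an added example (not part of the original article, and not any product's actual implementation) that turns a password into a vault key and estimates how long exhaustive guessing would take. The choice of PBKDF2-HMAC-SHA512, the iteration count, the check label and the attacker's guess rate are all assumptions made for illustration.

```python
import hashlib
import hmac
import math
import os

ITERATIONS = 100_000          # assumed work factor, chosen for illustration
CHECK_LABEL = b"vault-check"  # constructed constant used to test a candidate key


def derive_key(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Stretch a password into a 256-bit key with salted PBKDF2-HMAC-SHA512."""
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt,
                               iterations, dklen=32)


def create_vault_header(password: str):
    """Return (salt, check): what a vault keeps so it can recognise the right key."""
    salt = os.urandom(16)  # random per vault, so equal passwords give different keys
    key = derive_key(password, salt)
    return salt, hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()


def unlock(password: str, salt: bytes, check: bytes) -> bool:
    """True only if the password re-derives the key that produced `check`."""
    key = derive_key(password, salt)
    candidate = hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()
    return hmac.compare_digest(candidate, check)


def search_space_bits(length: int, alphabet_size: int) -> float:
    """Entropy in bits of `length` symbols drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try every candidate at an assumed attacker guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    salt, check = create_vault_header("correct horse battery staple")
    print("right password:", unlock("correct horse battery staple", salt, check))
    print("wrong password:", unlock("password123", salt, check))
    for label, length, alphabet in [("8 lowercase letters", 8, 26),
                                    ("16 printable ASCII", 16, 94)]:
        bits = search_space_bits(length, alphabet)
        print(f"{label}: {bits:.1f} bits, "
              f"{years_to_exhaust(bits, 10_000):.3g} years at 10,000 guesses/s")
```

The entropy figures only hold for passwords chosen at random; a password built from common words or patterns falls to a dictionary long before the full search space is tried.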

To encrypt:

  • Windows OS: Enable BitLocker (this only applies to computers with TPM) — TPM can be enabled in BIOS.
  • macOS: Enable FileVault
  • External Storage (thumb drives, external drives etc): Create an encrypted vault using VeraCrypt.
  • Cloud Service (Dropbox, Google Drive): Create an encrypted vault using VeraCrypt and upload it to the cloud.

Most cloud services are encrypted, but the cloud service providers hold the encryption/decryption keys, meaning they can access the data at any time. So we need to use a second layer of encryption to keep our data safe.

As always, searching for “How to enable BitLocker in Windows” would show lots of results, or preferably one can learn from a YouTube Video.

Tip:

For Internet usage, browsing, and data transmission: if one is using an unsecured network, like the WiFi in cafes or airports, it is always good practice to use a trusted VPN. This encrypts all outgoing and incoming Internet traffic.

Recently the US Congress repealed some of the Internet privacy rules by allowing Internet Service Providers to access and use consumer browsing habits. This means ISPs can sell your web browser history, locations etc. Using a VPN can help protect your location by masking your IP address.

Unfortunately, most of the free web-based VPNs are slow, and the fast ones charge a small monthly fee. Also, the process of setting up a personal VPN is a little complex. The best option is to use the free VPN provided with the Opera web browser. It is fast and unlimited.

Another tip is to use the “HTTPS Everywhere” browser extension. It ensures that websites make use of the most secure connection available.