What is it and how can It protect you?
Securing data with a lock is definitely a secure method of protecting your information, but what if that lock couldn't be accessed unless the individual had both the correct set of parameters and the key in order to open and access the data? Encrypting your information is not just putting a lock on it and requiring the key to open it, it also requires the user to have the correct environment to access that data.
What is encryption?
Encryption is widely known as a method by which you can look to protect information. With encryption, a layer of protection is created by scrambling data so that only certified individuals can understand the information.
Basic Understanding: The encryption process takes readable data and alters it so that it appears randomized.
Technical Understanding: The encryption process is converting legible plain text to illegible text, this is also known as ciphertext. Once you have this randomized piece of text, the encryption requires the use of a cryptographic key: a set of mathematical values that both the sender and the recipient of an encrypted message agree on. So while encrypted text/data appears random to the human eye, encryption proceeds in an algorithmic way, allowing an individual to receive the encrypted data and (if the parameters are met) decrypt the data, turning it back into the original plaintext/data. But in order to decrypt the data that an individual receives, they must obtain the correct key. This key could take many forms based on the encryption process, for example, your bank account login details. Decryption will fail if you don't provide the correct details. Highly secure encryptions will use keys with advanced levels of complexity so that foreign parties are highly unlikely to decrypt or break the ciphertext by brute force — in other words, by guessing.
What is a brute force attack in encryption?
A brute force attack is when an individual with malicious intent attempts to find the correct decryption algorithm. In order to obtain the correct key to your information, the attacker will attempt to crack the encryption by way of trial and error with millions, sometimes billions, of combinations. However, due to the complexity of most encryption methods, the attacks are unsuccessful and should be able to withstand a brute force attack. It is important to note even with the most complex forms of encryption, if a password is set to something as simple as "Password," the encryption will be susceptible to brute force attacks. This is why it's recommended to use letters, special characters, and numbers for your passwords. Using these combined increases the level of security from brute force attacks.
What is encryption used for?
Encryption is used to secure all sorts of data. In most cases, you will find it is used for one of the following 4 reasons:
Privacy: Encrypting data certifies that, while the information you have obtained is "on hold," it can only be read and viewed by the designated recipient. This provides security against attackers, ISP (internet service providers), and in some cases government personnel from reviewing and/or receiving your information.
Security: Encrypted data is used to defend against data breaches, so no matter where your data is, whether that be "on hold" or "in-transit," you know it is secure. An example of security is if you had an employer's hard drive with sensitive information but lost it or had it stolen, you know that the data on that hard drive will still be secure.
Data integrity: Using encryption is not only a method to keep your data secure from attacks. It is also used to make sure that when you look to transmit a file from one colleague to another, the receiving colleague knows that the integrity of that file has not been altered in any way.
Regulations: If you are handling public data, it will be your duty to implement the correct level of security to protect the information you have obtained. In most cases, you will find government regulations requiring companies to encrypt your data as a method of security. The most common regulations are under one of the following:
HIPAA, Health Insurance Portability and Accountability Act
PCI-DSS, Payment Card Industry Data Security Standard
GDPR, General Data Protection Regulation
It is important that as we continue to move into not only an online environment but also a decentralized one we continue to take the security of our sensitive information seriously. Every day there are millions of attacks attempting to retrieve your personal information and these attacks could lead to a total loss of your portfolio. Be safe out there!