As cybersecurity issues continue to rule the headlines, the world’s focus is on data privacy. It has always been critical; it’s just finally becoming a public discussion. And that conversation inevitably involves encryption. With all the misconceptions about encryption come misunderstandings about how and when to use it. So let’s clear a few things up.
How Encryption Works
When you make a purchase online, send a text message, or email another person, the information involved—your credit card and address, photo or text, and whatever is in your email—is considered to be ‘in transit.’ During this period, a hacker can drop in and swoop your data up for themselves more easily than trying to break into secure networks. Since grabbing data in transit is so attractive, encryption is used to scramble your data with a sophisticated mathematical algorithm to make it readable only by the authorized parties involved. Encryption does not prevent the hacking attempt, but it makes it a waste of time for the hacker by creating an unintelligible combination of your data that can be incredibly difficult and near impossible to decipher.
In simpler terms, think of the difference between invisible ink versus a decoder ring. As kids, we all learned how to use lemon juice and a little water to “encrypt” our notes or drawings with invisible ink. After using it and letting it dry, no one could see the “data.” But anyone who applied light or heat to the paper would see the data appear. It was hidden, but not encrypted.
A decoder ring on the other hand (if you’ll pardon the pun), allows a person to send coded messages that can only be read by others with the decoder ring and proper cipher. Encryption is more like using a very sophisticated decoder ring. Keep reading to find out the easiest way to see if a website uses encryption.
Types of Encryption
There are different types of encryption, primarily symmetric and asymmetric. Symmetric encryption involves a single key to encrypt and decrypt information. It’s usually faster, but with companies managing such massive amounts of data and keys nowadays, asymmetric has become more common. Asymmetric encryption involves both a public and private key. Asymmetric encryption is often used for messaging, and the decryption process only takes place after the private key gives permission to the public key. A more detailed history and explanation of this, including descriptive graphics, can be found at How to Geek.
Variety of Uses
Encryption wasn’t just created to protect your online accounts and purchasing activity. Encryption is also used to protect your information in other instances, like when you use an ATM or if you rely on a Wi-Fi-connected device to secure your home network. There are even apps out now that claim to encrypt your voice and video communications.
Before signing up for any services, however, always read the fine print. Some companies keep backups permanently or for a set amount of time; others may keep logs. It doesn’t mean you shouldn’t use them; you should simply know what you’re signing your data up for.
Regardless of Intent
One of the main reasons encryption exists is to protect and preserve your privacy. It is not designed to hide illegal activities. In fact, quite the opposite. Encryption is often used to hide your data from people attempting to carry out illegal activities against you—like identity theft, stalking, and fraud. But, that’s not all. Encryption is also intended to keep your conversations and daily activities as private as you want them to be. Just because you aren’t doing anything worth hiding, doesn’t mean people should be able to watch or hear you live your life. (Except maybe Alexa, right? Just kidding.)
Easy Way to Tell if a Website Uses Encryption
The simplest way to check if a website uses encryption to protect your data in transit is by looking at the address in the browser bar. If the website is secure, the address should start with “https.” While malicious websites can sometimes be made to appear secure with a false https:// address, legitimate websites without encryption (http) can just as easily put your information at risk and should not be used to make purchases or share sensitive data.
For example, a link that points you to “http://www.paypal.com” is a clear phishing attempt since Paypal has a secure website at “https://www.paypal.com.” On the other hand, MIT still does not have a secure website at http://www.mit.edu. Perhaps because it is primarily educational and not for sending money or shopping, MIT has decided not to secure their site. Fewer and fewer sites remain that have not switched to https, but it’s always good to check.
Now that we’ve dispelled some myths, consider how you can best use encryption both at home and at work. Issues of storage, transmission, and the level of encoding will all factor into finding your best solution. If you have questions about encryption for your company, contact our technical experts for advice. Your customers and your bottom line will thank you.