Using encryption to keep your data safe
When storing data on a device or in a system, you can use encryption to make sure only the right people can access it.
Data encryption is something that a lot of people interact with without even knowing about it. When you set a PIN on your mobile phone or a password to unlock your laptop, this often ties back to an encryption setting. So if you lose those devices, the data in them is protected.
Although encryption is often transparent, it is important to understand what it means so you can ensure this key security control is configured for all the key devices and systems you use.
What is encryption
Encryption is a method of converting data in human readable form into a secret code. There are multiple different types of encryption, and you interact with them every day:
Websites and HTTPS
Websites use encryption (also called asymmetric key encryption) when they set up their website to use HTTPS. You can tell a website uses HTTPS by looking at or double clicking the URL in your browser.
When you access a website using HTTPS, all the information you enter into the website is sent encrypted back to the website owner. The website owner holds the key to turn the secret code back into human readable form. If an attacker was able to view the information in that connection, they would only see the secret code.
Device passwords and PIN
Newer operating systems for mobile phones, tablets, and laptops ask you to set a PIN or password when you set them up. This password is used as an encryption key (also called symmetric key encryption) and is needed in order to unlock and access data on the device. If someone steals your phone, they would need that secret key in order to unlock the device and access the data.
Website and system owners who collect your data also have to care about encryption. For businesses, it looks different but the concept of having single or pairs of keys to unlock secret codes is the same.
How to use encryption
You’ll often find the option to enable device or data encryption on any devices you use. You can search your device settings for ‘encryption’ and it should prompt you to create your key.
Treat your device password or PIN like a good password. Keep it unique and long enough to be easy to type in and remember, and keep it safe. If someone else has access to your key, they can decrypt your device and access your data.
When accessing websites, you only have to check the URL and make sure you are visiting the right website and that the website uses HTTPS. Typing in the URL yourself into the URL bar is a good way to make sure that an attacker did not trick you into going to their phishing website (which might also use HTTPS!).