Data encryption is something that a lot of people interact with without even knowing about it. When you set a PIN on your mobile phone or a password to unlock your laptop, this often ties back to an encryption setting. So if you lose those devices, the data in them is protected.
Although encryption is often transparent, it is important to understand what it means so you can ensure this key security control is configured for all your devices and systems.
What is encryption?
Encryption is a method of converting data in human readable form into a secret code. There are many different types of encryption that you interact with every day:
Websites and HTTPS
Encryption (also called asymmetric key encryption) is used when websites are set up to use HTTPS. You can tell a website uses HTTPS by looking at, or double clicking, the URL in your browser.
When you access a website using HTTPS, all the information you enter in to it is sent encrypted back to the website owner. The website owner holds the key to turn the secret code back into human readable form. If an attacker was able to view the information in that connection, they would only be able to see the secret code.
Device passwords and PIN
Newer operating systems for mobile phones, tablets and laptops ask you to set a PIN or password when you set them up. This password is used as an encryption key (also called symmetric key encryption) and is needed in order to unlock and access data on the device. If someone steals your phone, they would need that secret key in order to unlock the device and access the data.
Website and system owners who collect your data also have to care about encryption. For businesses, it looks different but the concept of having single or pair of keys to unlock secret codes is the same.
How to use encryption
You’ll often find the option to enable device or data encryption in the settings. Search for ‘encryption’ and it should prompt you to create your key.
Take the same care in creating your device password or PIN as you would any password - making it unique, long and complex (and store it in a password manager if you have one). If someone else gets access to your key, they could decrypt your device and access your data.
When accessing websites, check the URL and make sure you are visiting the right website and that the website uses HTTPS. Typing the URL in to the URL bar is a good way to make sure that an attacker did not trick you into going to their phishing website (which might also use HTTPS!).