Encryption has enjoyed a lot of publicity recently thanks to the FBI and Apple case that made more than a few headlines. It brought data security to the fore once more which should hopefully get people thinking more seriously about it, especially small businesses. In my opinion, anything that makes people think more seriously about security is a good thing.
Nothing to hide, Nothing to fear
There is an old trope that is rolled out every time a discussion around encryption happens. ?If you?re doing nothing wrong and have nothing to hide, you have nothing to fear.? This is a false argument.
It assumes that:
- Governments and their agencies can be trusted and will always get it right
- It assumes that due process will definitely prove your innocence if you are innocent
- It encourages you to only look at yourself rather than how other people have been treated over encryption
- It assumes that your data is worthless except in the context of national security
- It assumes that the needs of the few outweigh the needs of the many
- Just because you choose not to exercise your right to privacy it doesn?t mean you shouldn?t be entitled to it
I don?t need to put this argument into standard form to prove that none of those statements are true. So by definition, the assertion that if you have nothing to hide you have nothing to fear is not true either.
The subject of encryption and privacy is about much more than national security even if the debates in the media concentrate only on that aspect. All businesses, large or small generate data. That data is always worth something to someone. Whether it?s the competition, extortionists or whoever. Private information should remain just that. Private.
So, encryption then.
Easy encryption for everyone
There are three things required to massively elevate data security. They are cheap (or free), simple to use and work well. I use all three of them here at Coastal Content. Not because I think the government wants to spy on me but because I want to protect the content I create and the reputation of my business.
To elevate your own data security, you need a password manager, disk encryption and encrypted communications. The first two are mandatory, the last is optional but recommended.
I have recommended password managers before. They enable you to use a different password for every single website and account you have without having to remember all of them. You only need to remember one very strong password to get into your manager and the rest happens automagically.
I use LastPass but other managers are available. Tech Radar did a good review of available password managers last year. Many can be used on the desktop and mobile device, synchronising them both.
Use as strong a password as you can for the manager itself and then let the app generate passwords for you when you need them. If you can think of a password, so can a hacker or brute force attacker.
Disk encryption locks down your hard disks and ensures you are the only one who can access the data on them. Android has encryption introduced in Android Marshmallow. iOS has it, as the FBI knows all too well. Windows has BitLocker on higher tier Windows versions and OS X has FileVault.
There are also third party disk encryption applications out there that do the same job at either a low cost or often no cost whatsoever. GFI Software did a good roundup of file and disk encryption here.
A simple way to encrypt any communication you do online is to use a VPN. There are also web security plugins for browsers, encrypted email providers, one-time use email providers and encrypted chat and email applications. I tend to use a VPN as it has the added benefit of encrypting everything you do online.
VPNs are cheap (mine is ?5 a month for unlimited traffic) and simple to use. Mine came with a Windows installer, has a selection of 20-odd servers in different regions, retains no user data and can even be paid in Bitcoin.
The browser addon HTTPS Everywhere works with most popular browsers and does a good job but doesn?t work on every website.
Chat applications such as Pidgin or OTR (Off The Record) both encrypt messages by default. Open Whisper Systems encrypts voice, SMS and image files between mobile devices and seems to work pretty well.
Living with encryption
All of these solutions are simple to install, fairly easy to use and offer a much higher level of security than you likely have right now. They also stay out of the way when you don?t use them and don?t interfere with day to day workings of the device. Both are vital if you are to benefit from more security without any added hassle.
Encryption, privacy and data security are big topics for discussion and are likely to remain so for most of this decade and into the next. If you think you aren?t important enough or have anything worth stealing, think again. Everything is valuable to someone!