Encryption
Importance of encryption
Encryption is the process of encoding data in such a way that only authorised parties can view it, even if the data falls into the hands of unauthorised parties.
Whenever data leaves your organisation, whether over a network (e.g. the internet) or physically carried out of the door (e.g. on a USB drive or a laptop), you should consider encrypting it. For example:
- Even if you have a strong password for your laptop, this can be easily bypassed if the hard drive is not encrypted.
- Data that is emailed can easily be intercepted, forwarded or even just mistakenly sent to the wrong address.
In addition to securing data, encryption can also be used to verify the sender’s identity and the integrity of the data.
Encryption strategy overview
- Encrypt data that contains personal, sensitive, or high-risk information.
- Use strong encryption standards: a 256-bit key is preferred and 128-bit should be the minimum.
- You should regularly review the encryption standards that you use to ensure that they are still secure; for example, DES, 3DES, RC4, and older versions of TLS (TLS 1.0, TLS 1.1) are considered weak and pose security risks.
- Encrypt files or folders before storing or transferring them.
- Store identifying information separately and encrypt both data and identifiers.
- Choose tools that are appropriate for the task, e.g. full-disk encryption vs file-level encryption.
- Always use secure passphrases, and store decryption keys in a secure location.
- For long-term access, document the encryption method and how to decrypt the data.
- Regularly review who has access and revoke keys or credentials when no longer needed.
Software for encryption
There are a number of software applications available for encrypting data. The UK Data Archive recommends the use of Pretty Good Privacy (PGP) standard technology.
Implementations are available as open-source software (GnuPG) or as commercial software (PGP). Encryption with such software requires the creation of a public and private key pair and a passphrase.
The sender's private PGP key and passphrase are used to digitally sign each encrypted file, which allows the recipient to validate the sender's identity. The sender installs the recipient's public PGP key in order to encrypt files, so that only the authorised recipient can decrypt them.
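The exchange described above, run end to end with GnuPG, as an added example that is not part of the original page or the UK Data Archive's own material. It assumes gpg (2.1 or later) is installed and uses two throwaway keyrings; the addresses, passphrases and sample file are placeholders constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original page): sign-and-encrypt with GnuPG,
# using two throwaway keyrings. Addresses and passphrases are placeholders.
set -eu

# gpg with a fixed keyring and no interactive prompt (batch + loopback pinentry).
g() { _home=$1; _pass=$2; shift 2
      gpg --homedir "$_home" --batch --quiet --pinentry-mode loopback --passphrase "$_pass" "$@"; }

setup_keyrings() {
    WORK=$(mktemp -d); SENDER="$WORK/sender"; RECIP="$WORK/recipient"
    mkdir -m 700 "$SENDER" "$RECIP"
    SPASS='sender-demo-passphrase'; RPASS='recipient-demo-passphrase'   # placeholder passphrases
    # 1. Each party generates its own key pair; the private half never leaves its keyring.
    g "$SENDER" "$SPASS" --quick-generate-key 'Sender <sender@example.invalid>' default default never
    g "$RECIP"  "$RPASS" --quick-generate-key 'Recipient <recipient@example.invalid>' default default never
    # 2. Only public keys are exchanged: the sender installs the recipient's (to encrypt to them),
    #    the recipient installs the sender's (to verify the signature).
    g "$RECIP"  "$RPASS" --export --armor recipient@example.invalid > "$WORK/recipient.pub"
    g "$SENDER" "$SPASS" --export --armor sender@example.invalid    > "$WORK/sender.pub"
    g "$SENDER" "$SPASS" --import "$WORK/recipient.pub"
    g "$RECIP"  "$RPASS" --import "$WORK/sender.pub"
}

sign_and_encrypt() {
    printf 'participant_id,score\n1001,42\n' > "$WORK/data.csv"   # constructed sample data
    # 3. Sign with the sender's private key, encrypt to the recipient's public key.
    #    --trust-model always skips the fingerprint check that a real transfer must do out of band.
    g "$SENDER" "$SPASS" --trust-model always --sign --encrypt \
        --recipient recipient@example.invalid --output "$WORK/data.csv.gpg" "$WORK/data.csv"
}

# 4. The recipient decrypts with its private key; gpg checks the signature in the same step.
#    Succeeds only on a GOODSIG status line and a plaintext identical to the original.
decrypt_and_verify() {
    g "$RECIP" "$RPASS" --status-fd 1 --output "$WORK/data.out" --decrypt "$WORK/data.csv.gpg" \
        | grep -q '^\[GNUPG:\] GOODSIG' && cmp -s "$WORK/data.csv" "$WORK/data.out"
}

# 5. A keyring holding only the recipient's public key cannot decrypt the file.
sender_cannot_decrypt() {
    ! g "$SENDER" "$SPASS" --output "$WORK/leak.out" --decrypt "$WORK/data.csv.gpg" 2>/dev/null
}

if command -v gpg >/dev/null 2>&1; then
    setup_keyrings; sign_and_encrypt
    decrypt_and_verify && VERIFIED=yes || VERIFIED=no
    echo "recipient decrypted and verified the file: $VERIFIED"
fi
```

Each keyring starts its own gpg-agent under the temporary directory; `gpgconf --homedir "$SENDER" --kill gpg-agent` (and likewise for the recipient) cleans them up afterwards.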
Other commonly used encryption software
- BitLocker – standard on selected editions of Windows; for the encryption of disk volumes and USB devices.
- FileVault 2 – standard on Apple Macs; for full-disk encryption.
- VeraCrypt – multi-platform encryption software (Windows, Mac and Linux); for full-disk and container encryption.
- AxCrypt – open-source file-level encryption for Windows.
We have created video tutorials on how to use a variety of encryption software programs. These are available on our YouTube channel.