what is encryption?Encryption is a term that’s thrown around a lot in the cybersecurity community as well as more mainstream arenas. Though it’s a technical concept, the particulars of which can be hard to understand for the layperson, it’s increasingly being touted to consumers as a necessity. What is encryption, exactly, and how is it useful to you? In this post, we’re detailing the basics of encryption and exploring its significance to the average Internet user.

Simplifying encryption: think of it as a digital lock and key

Encryption, simply put, is a means of making data of any sort inaccessible to unauthorized parties. The particulars of encryption can be somewhat complicated – indeed, the science of cryptography is devoted to devising and understanding encryption schemes – but the function of encryption is best understood through a simple lock and key analogy. Encryption renders data literally unreadable to everyone except those who have the key. Not being able to read data in most cases means that the contents of the data cannot be accessed; however, it has proven possible to break some older encryption schemes. A couple of recent examples of this are the Yahoo breach and documented issues with older forms of router encryption. This is precisely why we update and upgrade technology, though, and we’ve reached a point where modern encryption schemes are nearly impossible to break because of their technical complexity.

What are some misconceptions about encryption?

Unfortunately, the push to promote encryption has somewhat outpaced public education about the technology. Below are some common misconceptions that some consumers might have about encryption, and the reality behind them.

Encryption is dangerous

Because of both the FBI vs. Apple debates and rise of ransomware, which turns encryption against users in order to steal their money, encryption sometimes gets a bad rap. But encryption, like any tool, is as good as the intentions of the person using it. Encryption will allow you to better protect your information online, even though criminals can use it to hide evidence or to lock you out of your files. After all, just because something can be used for bad doesn’t mean it can’t also be used for good.

Encryption provides anonymity

Although encryption is a useful tool in a suite of technologies designed to protect your privacy, in most circumstances, encryption alone doesn’t offer anonymity. Encryption is designed to protect content from being seen by third parties who don’t have the keys to decrypt the data; however, in many cases, the metadata surrounding your online activities isn’t (or can’t) be encrypted. For example, even though HTTPS encrypts your online activities, details like the name of the site you’re on and where in the world you are when accessing the site can still be seen.

So, while onlookers might not be able to know what you’re sharing over an encrypted connection, they might be able to find out things like who you’re communicating with and various details about you. Additionally, since data, at some point, has to be decrypted in order to be useful to you, a third-party can potentially view encrypted information after it’s been decrypted. The most obvious example of this would be someone looking over your shoulder at your iPhone while you’re messaging a friend. But in other instances, such as if your device is hacked or the person you’re communicating with has been compromised, a hacker can read the decrypted data as if they were the intended recipient – much like any person who steals your car keys would have access to your vehicle.

What should you keep encrypted?

A lot of different types of data can be encrypted. Because encryption is becoming such a standard feature, devices are increasingly becoming encrypted by default. Below we discuss the things you should expect to be encrypted or consider encrypting yourself.

  • Your Wi-Fi network. This is something many people probably are already doing, but if you have a wireless router at home, you should be using a password with the strongest level of encryption currently available to consumers (WPA2). Additionally, there might be a few other things you can consider doing to bolster your security. These include setting up firewalls on your devices, limiting your Wi-Fi’s signal strength (or even preventing your Wi-Fi network from broadcasting its name to unknown devices), filtering the devices that can connect to your network and keeping your router’s firmware up to date. Remember that WPA3, a new encryption standard, will be available in new routers being released later this year, so you might consider planning for an upgrade to your device in the next year or so.
  • Your web traffic. Except when doing light browsing and online reading, you should opt to use HTTPS web pages as a rule. HTTPS provides automatic encryption between you and the website or service you’re accessing. Since it’s set up on the back-end of websites, it’s generally something you can’t control, although plugins like “HTTPS Everywhere” force HTTPS connections in a number of situations. Note, though, that HTTPS in a URL doesn’t automatically make for a trustworthy website.
  • Your apps. Similar to HTTPS, if you’re using apps on your computer or mobile devices, especially those that involve sharing files or messages, make sure that the developer employs end-to-end encryption. This means that the data is only decrypted once it reaches its intended recipient and that no one, not even the developer, can see the contents of the information. Most modern communication services like Telegram, WhatsApp and even iMessage deploy this, but it’s important not to assume every app uses it.
  • Your phone, computers and smart devices. You can choose to encrypt all of your devices, as most platforms have a means of letting you encrypt your system. Some devices may offer more options for encryption than others, but most of today’s smart devices are equipped with at least basic encryption options you can access in the device’s settings.
  • Your files, including backups, hard drives and external media. You can encrypt individual files on your computer so that when you transfer these files (like onto Dropbox), they’re encrypted. Encryption of your files can be done on your computer or device using the same tools mentioned in the last bullet. If you have any hard disks or backup drives around, you might want to encrypt them as well. Both Mac and Windows devices have tools to help you accomplish this.

Is encryption worth it in the long run?

Some of the downsides and limitations noted above might make encryption sound not as useful as it’s been made out to be. However, the truth is, encryption is merely one in a suite of tools available to help protect you online. It’s not a silver bullet to cybersecurity and privacy, and like anything else, it must be used responsibly with other habits and tools. Bottom line, encryption is definitely something worth paying attention to and having, so long as you understand that it’s not the end-all, be-all of cybersecurity. To stay in the know about this and other online security issues, keep reading our technology blog.