Maggi, June 25, 2014
This is the fourth post in our series about data security for small businesses. To find out more about the series and see a list of posts, go to A Terrifying Statistic for Small Businesses. You can also read our previous posts on backing up your small business, password protecting your business and protecting your business in the cloud.
If you’re really serious about ensuring the privacy and security of your small business’s data, encryption will set your mind at ease. While the word ‘encryption’ might evoke images of hackers, governmental surveillance, and bank security, it’s actually not nearly as intimidating as it sounds, and can keep prying eyes out of your valuable data.
While there’s no way to verify the story, it’s said that the first encryption system was the shift-3 system used by Julius Caesar to encrypt messages to his generals. In this system, every letter in a message would be shifted by 3; a C represented a Z, an N represented a K, and so on.
Obviously people have gotten a lot smarter since then, and computing power has increased exponentially. Today, extremely complicated mathematical algorithms are used to turn a message or a file into a worthless mess of seemingly random letters and numbers. By using the correct encryption key, however, the message or file can be decrypted and turned back into its original form.
You can encrypt almost any part of your digital life, but I’ll be focusing on three here: browsing, cloud storage, and messaging.
You pass a lot of really valuable information through your browser. Bank account login information, supplier details, phone numbers, credit card numbers, and more go through your browser on a daily basis—what if someone were to intercept this information? You’d be in trouble.
That’s where encrypted browsing comes in. By using a couple tools, you can make sure that no one will be capturing your data. The first to you should be using is called HTTPS Everywhere, and it’s a browser extension available for Chrome, Firefox, Opera, and Android. By installing it, you’ll use a secure connection to all websites (whenever possible), keeping your information safe.
The second option is to use a virtual private network (VPN). In addition to encrypting traffic, a VPN also obscures information about which sites you’re connected to, further increasing your security. There are some free VPNs, like Hola, and some paid ones, like PureVPN. Paid ones tend to be faster.
If you’re really serious about securing your browsing traffic as much as possible, you can download the Tor bundle. Tor is like a super-VPN; most VPNs route your traffic through an extra server to make it harder to track, whereas Tor routes it through three extra servers. It’s the industry standard for safe browsing, though you might find that your browsing speed goes down noticeably. If you know you’re going to be sending confidential information, it might be worth it!
Storing files, whether on your computer or in the cloud, leaves you open to attack, as someone could break into your systems and steal them. But if those files are encrypted, getting a hold of them won’t do a hacker any good; you still need the password to open them.
Encrypting files on your computer is usually pretty easy. You can find instructions for Encrypting files on a Mac here, and encrypting Windows files here. Once you’ve encrypted those files and chosen a password, you’re set to go! When you need to access the files, just enter your password and they’ll be decrypted, ready for you to use whenever you need.
Encrypting in the cloud is slightly more complicated, but you can go about it in one of three ways. First, you can encrypt a file before sending it to Dropbox, Google Drive, or any other cloud storage server. Second, you can choose to use a secure server (see this article for three secure cloud storage options for your small business). Third, you can use Boxcryptor, a service that encrypts your cloud files.
If you’re especially computer-savvy, you can encrypt files using Gnu Privacy Guard (GPG) so that others can decrypt them, too.
Encrypting and decrypting files doesn’t take much time, but you might want to use it only for files that you aren’t likely to use any time soon or are especially worth of protection. Customer payment information and backup files are great things to encrypt, for example.
Although most people don’t usually send sensitive information via IM or text message, it can be nice to know that no one’s eavesdropping on your messaging. And if you do find yourself in a position where you need to share a password or a credit card number via text, you’ll feel much safer knowing it’s encrypted.
Secure text messaging is best done with a specific app. I recommend Telegram, as it’s free and easy to use. Just get everyone in your organisation to download it and set up an account. Then you can message to your heart’s content without fear of losing important information.
In the computer, I recommend Adium for Mac users and Pidgin for Windows users, both of which let’s you chat with Gmail contacts, Facebook friends, and, all securely and encrypted. And for instant messaging from your phone, ChatSecure has you covered, both on iPhone and Android.
It might sound like a lot of hard work, but getting your business set up to encrypt its data doesn’t take much time, and it’ll significantly reduce your resilience to cyber crime. By encrypting your browsing to protect your passwords and confidential data, your local and cloud storage to protect all of your files, and your messaging, you’ll take a huge step toward being safe online.
If you have any recommendations of other encryption tools that small businesses might be interested in, please share them below!