The increasing amount of data we’re all generating is everywhere: in smartphones, laptops, thumb drives, and dozens of online services. How can we secure all of them against unwarranted access?
We virtually can’t.
Smartphones get stolen, thumb drives get lost, email passwords get brute-forced, cloud servers get breached, unwary users get phished, WiFi networks get tapped, and eventually, malicious users obtain access to your data.
So how do you protect your data against unwelcome parties?
You encrypt it. In case you don’t know it, encryption is the science of modifying data to prevent intruders from making sense of it. When you encrypt your data, only you and anyone else holding the decryption keys will be able to unlock and read it. This means that even if an attacker gains access to your data by breaking into a server or stealing your hard drive, they won’t be able to make sense of it if they don’t have the keys.
As I’ve argued before, encryption is your last line of defense, the one thing that can protect your data when all else goes wrong.
So without further ado, here’s are some of the key ways you can encrypt the data that you’re scattering everywhere.
Encrypt your emails
Email has become a de facto medium for exchanges of all sorts. We use email to send business secrets, financial data, personal data and various kinds of sensitive information. There are few things that are as damaging as a hacked email account.
You should obviously do everything you can to protect your email accounts, such as choosing strong passwords or enabling two-factor authentication. But in case your account does get breached, you have a few viable options to encrypt your messages and prevent hackers from actually seeing the contents of your messages.
One is the use of Pretty Good Privacy (PGP), a tool that adds a layer of encryption to your emails. Basically, PGP generates a public and private encryption key and ties it to your email address. You publish the public key for everyone to see and keep the private key to yourself.
Anyone who wants to send you a confidential message will encrypt it with your public key before sending it to you. Only your private key will be able to decrypt the message, and as long as you keep it safe, you can rest assured that only you will be able to read those messages. This means that even the owner of the server where your emails are stored won’t be able to read them.
There are a handful of free PGP tools such as Mailvelope, which work with all major webmail clients such as Gmail and Hotmail, and will get you started with encryption in a couple of easy steps.
Of course, if you want your outgoing messages to be encrypted as well, the recipient needs to have a PGP key too, so you’ll have to convince your friends to set up PGP accounts.
An alternative to PGP is using an end-to-end encrypted mail service such as ProtonMail or LavaBit. End-to-end encryption makes sure that anything that gets stored in your account is only viewable by you, the person who holds the key. No surveillance or massive databreach will give access to the content of your emails.
Encrypt your files in the cloud
The same threats that can out your emails apply to the files you store in cloud services such as Google Drive and Dropbox. Even the biggest services you entrust with your files can get hacked, and the sensitive files you’ve stored in the cloud can fall into the wrong hands.
The most basic choice is to protect your files with a compression tool that supports encryption and password protection features, like zip, before storing them in your cloud server.
In case you find it too cumbersome to manually encrypt and decrypt your files, you can use tools such as Boxcryptor or Whisply, which integrate with most popular cloud services and add an easy-to-use layer of encryption.
Another alternative is to use an encrypted storage service such as SpiderOak One, Tresorit or Cryptobox, which have end-to-end encryption incorporated into their service. This means only you and whomever you share your files with will have access to the contents.
Encrypt your messages
Messaging apps are perhaps the most popular applications we use on our phones. But they’re not all equally secure. Some applications will encrypt your messages in transition, but not in storage, which means your data can become exposed in case of data breaches or compromised accounts.
The most secure messaging apps are those that have end-to-end encryption features, making messages exclusively visible to the parties taking part in a conversation. We’ve discussed how to evaluate messaging apps in terms of security here on The Next Web before.
Some of the viable options include Open Whisper Systems Signal, WhatsApp and Wickr, which are end-to-end encrypted by default. Telegram and Facebook Messenger also have end-to-end encryption, though you’ll have to enable them manually.
You might also want check out this interesting project by two Canadian students, who are working to add strong encryption to a variety of web communication tools.
Encrypt your devices
While you consider the security of your online data, you shouldn’t forget about the devices you physically own. Your phone, laptop, memory cards and flash drives hold quite a lot of sensitive information.
Your smartphone in particular is very vulnerable. It has a lot of functionality, it holds your communication apps and sensitive information and pictures, among others. And you carry it everywhere with you, which means there’s a greater chance you might lose it or get it stolen from you.
Fortunately, most desktop and mobile operating systems support full-disk encryption, a feature that will encrypt everything on your phone, computer or flash drive. By enabling full-disk encryption, you’ll protect your on-device data against physical theft. Good encryption can’t be circumvented, even by device manufacturers or government agencies—at least not without spending a huge bunch of money.
In iOS version 8 and later, device encryption is turned on by default if your device has a passcode. Newer Android devices also come with device encryption enabled out of the box, but with the variety of devices available out there, you might want to verify to make sure yours is encrypted.
For your laptops and removable media, depending on which operating system you have, there are always good encryption tools available. Windows has BitLocker, which can easily encrypt your hard drives or removable storage in a few easy clicks. The Mac OS has a native encryption tool as well, called FileVault.
Encrypt your internet traffic
Hackers have many ways to steal your information on the fly, especially if you’re using a public WiFi network. In fact, your internet service provider too might be interested in having a look at your internet traffic.
Adding a layer of encryption to your internet traffic will make sure you enjoy full privacy while surfing the web. One of your viable options is to use a Virtual Private Network (VPN). VPN services encrypt all your traffic and redirect them through their own servers. All eavesdroppers will be able to see is a bunch on encrypted data being exchanged between you and your VPN service.
VPN services are available for both mobile devices and desktop computers.
To be fair, VPN is not a perfect solution. Your VPN provider will have full visibility over your non-HTTPS traffic. Free VPN services in particular have a tendency to use customer data for commercial purposes. But it’s much safer than letting hackers scrutinize your traffic.
Encryption is not a complete security solution and it doesn’t obviate the need for basic security measures such as keeping your operating system and software up to date with the latest security patches. And don’t forget that encryption is only as secure as you make it, which means you have to keep your keys secure.
But encryption is definitely one of your best friends in the hostile world of digital information, connected devices and online services. Encrypt your data, and stay safe out there.
Pssst, hey you!
Do you want to get the sassiest daily tech newsletter every day, in your inbox, for FREE? Of course you do: sign up for Big Spam here.