Skip to main content
SANS Security Awareness

Utility nav

  • GDPR
  • Support
  • SANS.org
  • Contact
  • Request Demo

Main navigation

  • Products
    • Products Overview Column
      • Products

        Build and mature your security awareness program with comprehensive training for everyone in your organization.

        View Products
    • Security Training Solutions
      • End-User Training

        Security Awareness training designed by experts.

      • Phishing Tools

        Tiered-template phishing simulation tool designed for all learners.

    • Products - Training Span
      • Engineer Training

        Train all learners involved with Industrial Control Systems. 

      • NERC CIP Training

        Relevant Critical Infrastructure Protection training meeting compliance. 

      • Developer Training

        Protect web applications with secure coding practices. 

      • Healthcare Training

        Train learners following HITECH and HIPAA standards. 

    • Events
      • Courses & Summits

        Gain key insights and practical information in security awareness program building from experts in the field with our Summits and training courses. 

  • Why SANS
  • About
    • About Overview Column
      • About

        SANS has been around as long as the Internet. Learn about our history, experts and events around the world.

        Read About SANS Awareness
    • About Column 1
      • Our Experts

        World-class experts covering every aspect of security awareness and defense.

    • About Column 2
      • History

        Read about the SANS Security Awareness legacy.  

    • About Column 3
      • News

        Check out what’s going on with SANS Security Awareness in the news.

  • Reports
  • Case Studies
  • Resources
    • Resources Overview Column
      • Resources

        Looking to build and mature your security awareness program? These resources will enable you with the topics and techniques to improve your learner’s awareness in security.

    • Resources Column 1
      • Blog

        Read from subject matter experts and guest authors about the latest going on in security awareness.

      • Security Awareness Planning Toolkit

        Resources to help you plan, develop and deploy an effective program.

    • Resources Column 2
      • Posters

        Developed by the community for the community. Download and share these awareness posters with your organization.

      • Video of the Month

        Our popular VOTM program allows you to get an inside look of security awareness training on relevant topics affecting our society today.

    • Resources Column 3
      • OUCH! Newsletter

        The world leading security awareness newsletter. Offered in multiple languages, created by a community of experts.

      • Webcasts

        Gain deep insights from subject matter experts on security awareness, program building, behavior change and more.

Mobile Menu

June 2016 • The Monthly Security Awareness Newsletter for Everyone

Encryption

What Is Encryption?

You may hear people use the term “encryption” and how you should use it to protect yourself and your information. However, encryption can be confusing and you should understand its limitations. In this newsletter, we explain in simple terms what encryption is, how it protects you, and how to implement it properly.

You have a tremendous amount of sensitive information on your devices, such as personal documents, pictures, and emails. If you were to have one of your devices lost or stolen, all of your sensitive information could be accessed by whoever possesses it. In addition, you may conduct sensitive transactions online, such as banking or shopping. If anyone were to monitor these activities, they could steal your information, such as your financial account or credit card numbers. Encryption protects you in these situations by helping ensure unauthorized people cannot access or modify your information.

Encryption has been around for thousands of years. Today, encryption is far more sophisticated, but it serves the same purpose -- to pass a secret message from one place to another by ensuring only those authorized to read the message can access it. When information is not encrypted, it is called plain-text. This means anyone can easily read or access it. Encryption converts this information into a non-readable format called cipher-text. Today’s encryption works by using complex mathematical operations and a unique key to convert your information into cipher-text. The key is what locks or unlocks your information. In most cases, your key is a password or passcode.

What Can You Encrypt?

OUCH! June 2016 Encryption
Encryption is a powerful way to help secure your information, but it is only as strong as your key.

In general, there are two types of data to encrypt: data at rest (such as the data stored on your mobile device) and data in motion (such as retrieving email or messaging a friend).

Encrypting data at rest is vital to protect information in case your computer or mobile device is lost or stolen. Today’s devices are extremely powerful and hold a tremendous amount of information, but are also very easy to lose. In addition, other types of mobile media can hold sensitive information, such as USB flash drives or external hard drives. Full Disk Encryption (FDE) is a widely used encryption technique that encrypts the entire drive in your system. This means that everything on the system is automatically encrypted for you; you do not have to decide what or what not to encrypt. Today, most computers come with FDE, but you may have to manually turn it on or enable it. It is called FileVault on Mac computers, while on Windows computers, depending on the version you have, you can use Bitlocker or Device Encryption. Most mobile devices also support FDE. iOS on iPhones and iPads automatically enable FDE once a passcode has been set. Starting with Android 6.0 (Marshmallow), Google is requiring FDE be enabled by default, provided the hardware meets certain minimum standards.

Information is also vulnerable when it is in transit. If the data is not encrypted, it can be monitored, modified, and captured online. This is why you want to ensure that any sensitive online transactions and communications are encrypted. A common type of online encryption is HTTPS. This means all traffic between your browser and a website is encrypted. Look for https:// in the URL, a lock icon on your browser, or your URL bar turning green. Another example is when you send or receive email. Most email clients provide encrypted capabilities, which you may have to enable. A third example of encrypting data in transit is between two users chatting with each other, such as with iMessage, Wickr, Signal, WhatsApp, or Telegram. Apps like these use end-to-end encryption, which prevents third parties from accessing data while it’s transferred from one end system or device to another. This means only you and the person you’re communicating with can read what is sent.

Getting It Right

To be sure you are protected when using encryption, it is paramount that you use it correctly:

  • Your encryption is only as strong as your key. If someone guesses or gets access to your key, they will have access to your data. Protect your key. If you are using a passcode or password for your key, make sure it is a strong, unique password. The longer your password, the harder it is for an attacker to guess or brute force it. Do not forget your password; without your key, you can no longer decrypt your information. If you can’t remember all of your passwords, we recommend a password manager.
  • Your encryption is only as strong as the security of your devices. If your device has been compromised or is infected by malware, cyber attackers can bypass your encryption. This is why it is so important you take other steps to secure your device, including using anti-virus, strong passwords, and keeping it updated.
  • Many mobile apps and computer applications now offer strong encryption to protect your data and communications. If the app or application you are considering does not support encryption, consider an alternative.

License

OUCH! newsletter is under the Creative Commons license.  You are free to share / distribute it but may not sell or modify it.

In This Issue

What is Encryption?
What Can You Encrypt?
Getting it Right

English
OUCH-201606_en.pdf
Arabic
OUCH-201606_aa.pdf
Bahasa Indonesia
OUCH-201606_ba.pdf
Bulgarian
OUCH-201606_bg.pdf
Chinese, Simplified
OUCH-201606_cc.pdf
Chinese, Traditional
OUCH-201606_cn.pdf
Danish
OUCH-201606_da.pdf
Dutch
OUCH-201606_nl.pdf
Farsi
OUCH-201606_fa.pdf
Finnish
OUCH-201606_fn.pdf
French
OUCH-201606_fr.pdf
German
OUCH-201606_de.pdf
Hebrew
OUCH-201606_he.pdf
Hungarian
OUCH-201606_hu.pdf
Italian
OUCH-201606_it.pdf
Japanese
OUCH-201606_jp.pdf
Korean
OUCH-201606_kr.pdf
Latvian
OUCH-201606_lv.pdf
Lithuanian
OUCH-201606_lt.pdf
Malaysian
OUCH-201606_ma.pdf
Norwegian
OUCH-201606_no.pdf
Polish
OUCH-201606_po.pdf
Romanian
OUCH-201606_ro.pdf
Russian
OUCH-201606_ru.pdf
Serbian
OUCH-201606_se.pdf
Spanish
OUCH-201606_sp.pdf
Turkish
OUCH-201606_tr.pdf
Urdu
OUCH-201606_ur.pdf

Subscribe to OUCH!, our Monthly Security Awareness Newsletter

Get monthly content to keep you up to date on the latest Security Awareness News and Tips.

SANS Security Awareness

301-654-SANS (7267)
Monday-Friday, 9am-8pm EST/EDT

Social

  • Facebook
  • Twitter
  • Linked In

Footer

  • Products
  • Why SANS
  • About
  • Reports
  • Case Studies
  • Resources

Footer utility

  • Support
  • SANS.org
  • Contact
  • VLE Help

Stay up-to-date on the latest security awareness news and tips. 

Subscribe to our monthly newsletter, OUCH!

Subscribe Now

Copyright Nav

  • ©2018 SANS™ Institute
  • Privacy Policy
  • Trademark Usage Policy
  • Credits