You’re probably aware that in the era of Ubiquitous Technical Surveillance (UTS) your data is constantly being collected, shared, and stored. At Ridgeline, we’re focused on helping our customers understand and control what data they put out into the world through an approach called Digital Signature Management so they keep their competitive edge against adversaries and competitors.
Encryption is a small but essential component of Digital Signature Management. It’s a way of securing your data and preventing outside observers from seeing more than you’d like them to see.
Encryption is a technique that transforms data into code that is unreadable without a decryption key. By encrypting your data, you’ll make it much more difficult for cybercriminals to access and steal your information.
Using encryption is like putting your data in a secure vault. Nobody can get in unless they have the key to the vault. That key could be your password, passphrase, biometrics, or some combination. (For guidance on creating strong passwords, check out this article on data safety tips.)
Some modern devices and applications come with encryption built-in. Still, it’s always a good idea to check that your data is encrypted, especially when storing or transmitting sensitive information.
Data at Rest vs. Data in Transit
Data stored on a device, like files on your computer or pictures on your phone, is known as data at rest. This type of data requires different methods of encryption than data being sent or received over the Internet or through a network. This actively moving data is called data in transit.
Data is at risk, whether it’s at rest or in transit. Encryption provides a strong defense against bad actors hoping to access and exploit this information.
Encryption in Layers
There are many levels at which you can encrypt data at rest. When deciding how secure you want your data to be, consider applying layers of encryption. You can encrypt individual files, folders, volumes, or entire disks on a computer, as well as USB flash drives and files stored in the cloud. Each of these layers should use a unique passcode to restrict access. After all, any encryption you use is only as strong as the password you’ve chosen.
The best place to start is encrypting the disks or volumes on your computer, especially the ones containing your operating system. This is called full disk encryption, which will keep all the data stored on your device secure. From there, you could apply a second layer by creating a separate encrypted partition on your hard drive where you store your sensitive content. For the highest security option, encrypt specific folders or individual files within the secure partition.
What should you encrypt? Ultimately, it’s up to you. You’ll want to balance ease of access with the level of security you need. Ridgeline recommends encrypting anything that contains personally identifiable information (PII), confidential materials, and intellectual property.
BitLocker and FileVault are two easy-to-use encryption systems that help you secure your data at rest on Microsoft and Apple devices.
Encrypting in layers is also a great method to apply to data in transit. There are many methods for securing data as it moves from one device to another. Here are a few options to consider:
End-to-End Encryption
Once your device connects to a network of any kind, it communicates with that network by sending and receiving data back and forth. This is data in transit. In order for this data to be secure, you should seek out end-to-end encryption options.
End-to-end encryption means that the sender encrypts the data, the data stays encrypted while moving across the Internet or another network, and it can only be decrypted by the intended recipient once that device receives it. End-to-end encryption ensures that your communications cannot be read or accessed by hackers, government agencies, or malicious parties who may intercept the data.
Many commercial messaging applications offer end-to-end encryption. Signal sets the industry standard for secure messaging apps. The company collects very little metadata from its users, and all chats and contact lists are end-to-end encrypted by default. Signal’s protocol also provides “perfect forward secrecy”, meaning that each message has a unique encryption key, so if a single key were cracked, outside observers would only have access to a single message instead of the entire chat. Wickr, Wire, Session, and SimpleX Chat also offer end-to-end encrypted messaging.
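To make the per-message-key idea concrete, here is an added example (not from this article, and not Signal’s actual protocol): a minimal symmetric “hash ratchet” in Python, standard library only, in which every message key is derived one-way from a chain key, so a leaked message key unlocks one message and a captured chain state unlocks only the messages after it. The root key and messages are constructed demo values.

```python
import hashlib
import hmac

# Constructed demo inputs (not real keys): a shared root key and three messages.
ROOT_KEY = hashlib.sha256(b"constructed demo root key").digest()
PLAINTEXTS = [b"meet at noon", b"bring the report", b"plans changed"]

def ratchet_step(chain_key):
    """Advance the chain by one message: return (next_chain_key, message_key).
    Both outputs are one-way HMAC functions of the current chain key, so a
    message key never reveals the chain, and a newer chain key never reveals
    an older chain key or any earlier message key."""
    next_chain_key = hmac.new(chain_key, b"chain", hashlib.sha256).digest()
    message_key = hmac.new(chain_key, b"message", hashlib.sha256).digest()
    return next_chain_key, message_key

def keystream_xor(message_key, data):
    """Toy stream cipher: XOR data with HMAC-SHA256 counter blocks. Acceptable
    here only because each message key is used for exactly one message."""
    stream, counter = bytearray(), 0
    while len(stream) < len(data):
        stream += hmac.new(message_key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt_conversation(root_key, plaintexts):
    """Encrypt every message under its own key. Returns (ciphertexts,
    message_keys, chain_keys); chain_keys[i] is the chain state before message i."""
    chain, ciphertexts, message_keys, chain_keys = root_key, [], [], []
    for pt in plaintexts:
        chain_keys.append(chain)
        chain, mk = ratchet_step(chain)
        message_keys.append(mk)
        ciphertexts.append(keystream_xor(mk, pt))
    return ciphertexts, message_keys, chain_keys

def keys_derivable_from(chain_key, count):
    """What an observer who captured one chain state can compute: the message
    keys from that point forward, never the ones that came before."""
    keys = []
    for _ in range(count):
        chain_key, mk = ratchet_step(chain_key)
        keys.append(mk)
    return keys

if __name__ == "__main__":
    cts, mks, cks = encrypt_conversation(ROOT_KEY, PLAINTEXTS)
    # The key for message 1 decrypts message 1 only; message 0 comes out as garbage.
    print(keystream_xor(mks[1], cts[1]), keystream_xor(mks[1], cts[0]))
```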
End-to-end encryption is also important for email. Protonmail and Tutanota both offer encrypted email services. It’s good to note, however, that messages are only end-to-end encrypted when emailing someone who uses the same secure email service.
Virtual Private Networks (VPNs)
Public Wi-Fi networks, such as those available at airports, hotels, and coffee shops, are convenient but can also be a security risk. Hackers can easily intercept data being transmitted over public Wi-Fi, potentially gaining access to your personal information, login credentials, and other sensitive data.
Generally, it’s best to avoid logging into sensitive accounts such as banking or email on public networks. But if you must use public Wi-Fi, consider using a virtual private network (VPN), which encrypts all of your traffic between your device and the VPN’s server and protects your privacy.
A VPN acts as a middleman between your device and the wider Internet. You communicate with the VPN’s server through an encrypted tunnel, and the VPN then communicates with the rest of the Internet. The VPN provides both security and privacy.
There are many VPN providers out there, so here are a few things to keep in mind when shopping for one:
- Check if the VPN provider has a no-logs policy. This means that it doesn’t collect or log any information about the traffic that passes through its network. One way to confirm this is to see if there are any recent third-party audits of that VPN provider.
- Make sure your VPN provides DNS leak protection. This covers a common security flaw in some VPNs, where the DNS lookups made when you browse the web are sent outside the VPN’s encrypted tunnel, revealing which sites you visit to the local network or your ISP.
- One optional feature you may want your VPN to have is a kill switch. A kill switch automatically terminates the connection to the Internet if your VPN is disconnected. This ensures no unencrypted data is passed through the network unintentionally if the VPN stops working.
Ridgeline recommends IVPN and Mullvad, which offer paid subscription services, and ProtonVPN which has a great freemium option.
One additional tip about data in transit: be sure to turn off Wi-Fi when you’re not using it, to avoid automatically connecting to unsecured networks.
While it may initially sound intimidating, encryption is an important element of data security and an excellent way to manage your digital signature. The more difficult it is to access your data, the less information your adversaries will have to work with.
Concepts in this article are derived from Ridgeline’s POLAR 101 Insights course. The POLAR Training Series provides a hands-on introduction to Digital Signature Management using Ridgeline technology to visualize Ubiquitous Technical Surveillance (UTS) threats and develop practical skills for managing digital signatures.