With information becoming digitized Godspeed, it is high time encryption has become a household name. Not to mention the responsibility this puts on the governments around the world. With centralized data at its centre for many governments, it is of paramount importance to adopt encryption practices. Below, some basic tips are shared to help you guide through these processes.
- Data at rest and Data in transit.
To put in simple words, data at rest is data that is stationary and is stored in hard drive, laptops, tapes, database, mobile devices, etc. On the other hand, data in transit is movable data via private networks or the Internet.
Data at rest should be encrypted using strong methods like Advanced Standard Encryption (AES) or Triple DES/Triple Data Encryption Algorithm, and Diffie Hellman or RSA for key exchange. Data that moves through HTTP channels are prone to theft as it is usually in plaintext. To avoid this, please resort to channels HTTPS OR TLS (TLS 1.2 or above is preferred). SSL is not a viable option as it has seen a surge in vulnerabilities (POODLE, Heartbleed, etc.).
- Be smart.
Encryption protects your data, yes. But if you still prefer static passwords then it poses a significant threat. In organizations, many systems still choose static passwords. Make your team aware of the risks it entails (how the reputation of the organization may come down if a data breach takes place), and prompt them to use stronger, complicated passwords or strong authentication.
- Prevent unauthorized access.
To avoid getting played by your own team member (in case you have a lurker), make certain that separation of duties and least privilege policies are in place. Separation of duties will maintain a certain level of secrecy amongst the team. This way one cannot access the data without gaining the information that the other person holds. And with least privilege policy, team members are made aware of the limits to which they can go. These are some basic measures to avert information leakage from inside.
- Get a hold of digital signatures.
To uphold data integrity, practice using digital signatures for sensitive data. It is a mathematical scheme to ensure authenticity (message is from the trusted sender) and integrity (message hasn’t been tampered). Digital signatures use asymmetric cryptography like RSA, ElGamal, etc. This gives you extra layer of encryption and in case of a foul sender, the recipient will be able to identify the fraud using the public key to your private key.
5. Sign your mail.
The most common form of hacking is email hacking and yes, the statistics is increasing. Using emails within organizations to share sensitive data is a vulnerable spot for hackers. Many data breaches befell in the past few years which were later released by hackers (email communications, invoices, client lists). To stave off such loopholes, please practice signing emails. This practice ensures non-repudiation.
- Consistent cybersecurity checks.
Encrypting data systems is the easiest part. The challenge is to have the proper procedures and controls in place (for example, managing cryptographic keys) to keep away from vulnerabilities in the security systems. The biggest danger for organizations comes from having below par cyber security practices which leads to sophisticated attacks from cybercriminals. An embarrassing example being The OPM Hack of 2015.
- Employing Public Key Infrastructure (PKI).
PKI has become an integral part in securing email communications especially within the eGovernment framework. There are various components that are covered under PKI ranging from Certification Authority (CA) over policies to user credentials. It is majorly used for protecting content such as DRM, EMV payment services and trusted devices.
Have a good time encrypting!