Why “crypto” isn’t just for spies: A beginner’s guide to keeping secrets

For years, "encryption" has sounded like James Bond technology to many PC users - but new systems have made "crypto" technology easier to use, and a great way to protect the files you REALLY value.

For years, “encryption” has sounded like James Bond technology to many PC users – but new systems have made “crypto” technology easier to use, and a great way to protect the files you REALLY value.

Encryption has always sounded like a James Bond technology – and it turns out, thanks to the recent NSA and GCHQ scandals, that Commander Bond – or at least his real-world equivalent – may well have been decrypting our encrypted communications for years.

But “ordinary” PC users can feel intimidated by it – for years, it’s been something that IT staff handled – and it’s also been highly complex to use, requiring Zen computer skills on Windows, or enterprise-level software.

Even IT people have worried about encryption in the past, says ESET Senior Research Fellow David Harley, “When I did user support, I was paranoid  about ensuring that people didn’t encrypt data until they’d sorted out their backup/recovery mechanisms. Sometimes the IT team can’t fix your lost passwords.”

But as more and more of us carry valuable information on portable devices like laptops and even handheld devices such as smartphones, encryption is something even ‘normal’ computer users can use – and should consider.

It’s now easy to use encryption on devices such as Android phones and tablets – and offers peace of mind if you DO have to carry one very valuable piece of information on a handheld – although do bear in mind that the risk of physical theft is always present.

ESET’s Harley says that, for ordinary users, the concern is NOT governments – it’s criminals, “The recent concerns about government surveillance have more people thinking about protecting their data, people who never gave it a thought before, which isn’t a bad thing, but the main danger to the average individual isn’t surveillance by governments, but intrusion by out-and-out criminals.”

Don’t fear “crypto” – it’s easy to do, and often built into your device

Sadly, few of us live lives so exciting that our boss will hand over a disc, saying, “Guard this with your life”. But most of us have files we want to keep safe. Encryption used to be a ‘pro’ IT skill – requiring enterprise-level software. Now Windows 8 has a pretty good system built in. Right click a file, click Advanced, then Encrypt. Back up your certificate for the file (otherwise you’re locked out), then double-lock by encrypting the disk – now standard in Windows 8. That should baffle all but the most determined cyber-crooks. It’s not fully enabled by default – this detailed We Live Security guide will help.

Don’t worry about spies, unless you, too, are a spy

ESET’s Harley says, “Governments and law-enforcement agencies are actually going to see the use of encryption as an indication of ‘something to hide’ and possibly deserving a closer look.

“On the other hand, paraphrasing Bruce Schneier, if a well-resourced intelligence agency or LEA wants to know your secrets ‘they’re in’, and some much-hyped encryption programs will offer very little resistance. Selecting the right security software of this sort and properly installing and maintaining it is not easy. If you want to do it properly – and safely! – it needs time and care.”

If you want to keep something safe, don’t leave it on your PC

Cybercrime relies on your valuables – whether they be confidential files, banking details or Bitcoin wallets – being within reach. If you disconnect from the Internet, you are safe from online attacks. If you’re connected, anything on your PC is at risk – even if that risk is minute, and you ‘play by the rules’ security-wise. To stay truly safe, keep important data offline – an encrypted USB stick works well (here’s an example of this type of solution). Put that stick in a deposit box, and you’re even safer. A detailed guide by ESET experts to backing up data can be found here

Use good passwords, and if possible, lock those away too

Even IT experts use bad passwords some days – if you’re browsing a site you know you’ll never visit again, say. For precious data, though, use a unique password – a complex one that cracker software will find indigestible, although even that will only buy you time if the password IS stolen. Better still, use a secure password-generator like LastPass. That, combined with an encrypted disk, will make most cyber criminals give up in disgust.

Remember that Inboxes and Outboxes have long memories

When the New York Times front page was defaced by hackers this year, the password used to carry out the hack came from an email outbox. If you value something, or if it’s highly confidential, you should take extra precautions before emailing – it could easily sit in the recipient’s inbox and be stolen from there. If it’s a confidential work file, ask advice from an expert – you could, for instance, email the file in encrypted form, and then send the decryption key by a different communication channel. If it’s really important, encrypt it, and deliver it physically.

Keep your PC clean

Most of us have a lot of precious digital possessions these days – so it’s not always practical to keep them on a removable hard drive with military encryption built in (cool though those things are). The most important rule is, as always, update your operating system, your browser, helper apps like Flash, Java and so on – and, invest in good AV, like ESET Smart Security 7 – this lessens the risk from spyware, keyloggers and other tools used by cyber-thieves.

Getting into this? Consider encryption software

If you’re frequently dealing with confidential documents, there are many software packages built to encrypt files – although many are still not particularly user-friendly, and that can be nerve-wracking when you are dealing with software where one password problem can mean your data is gone forever. Most are functional, though, and offer solid levels of protection – but it’s a matter of taste, and of your own level of computing skills, which you choose. Try out packages such as PGP, its open-source equivalents, or built-in OS software such as Bitlocker Drive Encryption for Windows. Recently, ESET added encryption solution provider DESlock to its Technology alliance Program, so check them out as well.

Don’t over-trust companies you work with

In business, cybercriminals will target the weakest link – which means you can live a life of cast-iron security, and they STILL steal your data. Professional services companies such as accountants and lawyers are often targeted as a ‘way in’ to financial companies – as are third-party bank card suppliers. If possible, don’t share. Keep it in your office, under digital lock and key. ESET’s Harley says,

Encryption solutions are often compromised because people forget to give the same attention to other factors such as using safe[r] transaction protocols, good anti-malware protection to reduce the risk from subversive malware such as keyloggers, keeping confidential data well inside a protected network and away from unsafe services. It may not matter how good your security software is if your data is shared with companies and sites who don’t maintain the same standards.

Sign up to receive an email update whenever a new article is published in our Ukraine Crisis – Digital Security Resource Center