Data Encryption 101: Best Practices

If you are new to data security, encryption might seem overly complicated and hard to understand. While encryption itself can be complex, understanding what it is and how it works doesn’t have to be.

Encryption is the process of encoding data so that it cannot be read without a key. Encryption is a key facet of modern computing — we often need to send data across the world quickly, and naturally, we only want it to be seen by its intended recipient. This is true whether we are sending our credit card information or if we are discussing sensitive company data with a colleague. This is considered data “in transit”, and it should be encrypted as it travels from one place to another.

When data is stored at your facility, or “at rest,” it also needs to be protected. Your computer and servers have a massive amount of information, and the most sensitive information should also be encrypted to keep it protected in the case of a breach or if the hardware is stolen.

If you are new to data encryption and want the basics — and how to tell if a service you are using is employing efficient encryption techniques — look no further than these encryption best practices.

Best Practice #1: Protect Personally Identifiable Information

The first step to any data encryption policy is to identify what data needs to be protected. One important data set to protect is Personally Identifiable Information (PII). PII is any data that can be used to identify a specific individual, including Social Security numbers, phone numbers, email addresses, and physical addresses. However, with digital data becoming just as important as physical data, PII can include IP addresses, login IDs, geolocation, or digital images.

PII needs to be protected, not only because it is the right thing to do, but also because many government regulations demand it. These regulations come in many forms, including the GDPR, the FTC Act, HIPAA, GLBA, and the TCPA. While each of these regulations govern a certain industry or country, their stances regarding PII are the same: it is your responsibility to keep it protected. Encryption is an ideal way to do this.

Best Practice #2: Understand the Difference Between C2S and E2E

With encryption being an important part of data security, many services will boast that they protect your data with encryption. However, if you are new to encryption, it is important to understand that not all encryption is treated equal.

Encrypting data that is in transit — traveling from person to person or from a person to the cloud — is extremely important for data security. What many don’t understand, though, is the difference between client-to-server (C2S) encryption and end-to-end (E2E) encryption. The difference between these two can be the difference between keeping your data secure or being the victim of a breach.

C2S encryption does protect your data while it is in transit, but it is decrypted at the server. It is then encrypted again as it travels from the server to the recipient. E2E encryption encrypts the data the entire time it is traveling from one user to the other — so even the server never decrypts the message.

Logically, you can see why E2E encryption would be the ideal choice when it comes to security — encrypting the data the entire time it is traveling leaves your data less vulnerable than decrypting it halfway through. After all, if the server is compromised, so are your keys and your data. But if your data is encrypted the entire time it is in transit, only able to be decrypted by the other user, then it is much more protected.

This distinction is key to keeping your data safe while it is in transit. If you aren’t sure which kind of in-transit encryption your service uses, then you need to find out — immediately. 

Best Practice #3: Protect Cryptographic Keys

Since encrypted material can only be read if you have the proper cryptographic keys, then it makes sense that protecting these keys is essential. Keys should be kept safe and stored in secure key vaults, in a separate location from the encrypted data. After all, you don’t want to provide bad actors with the encrypted data and the key at the same time. In addition, it is wise to keep backup keys in a third location, just in case.

As often as is practical, assess your encryption strategy and ensure that all permissions are necessary and that any applicable software has been updated. Just because your encryption was secure at one time doesn’t mean that it is still secure. Make sure that you frequently check your security protocols and make sure that they are updated and secure.

Wickr: Full End-to-End Encryption for Your Communications

Wickr employs full end-to-end encryption for all of our features, including not only our messaging, but also file sharing, voice and video calls, voice and video conferences, and more. Your data is so secure that not even Wickr can access it. 

What’s more, a new random key is generated for every call, message, and file — meaning that even if someone was able to crack the key of one message (doing so would take trillions of years!), all previous and future messages would still be protected.

At Wickr, we take your security seriously, so that you can communicate without compromise. Learn more about Wickr today!