Using encryption to protect your IT

Encryption is the transformation of data to hide information or prevent its undetected modification and unauthorised use.

Most small and medium-sized enterprises (SMEs) already use encryption, even if they don’t realise it. Mobile telephone transmissions are encrypted, as are most wireless networks, even when deployed straight ‘out of the box’. Some manufacturers of tablet computers and laptops also incorporate data encryption as standard.

Caution is advised, because making basic errors can mean encryption no longer provides protection. For example, encryption is useless if an attacker can easily guess your key or if it’s written on a slip of paper left inside your laptop carry case.

Encryption rules

If you have an encryption capability, check it is turned on. Often you are advised to turn off encryption when resolving connectivity or other hardware problems, and it is easy to forget that your protective capabilities need to be re-enabled once a problem has been solved. You must also follow the configuration rules set by the supplier of your encryption software.

If your computer (particularly a laptop or tablet) does not have built-in encryption, consider buying and installing a third-party hard disk encryption product to protect data on your computer when it is not in use. This particularly applies if you hold personal or other sensitive data (eg financial information or HR records), when your business partners or customers may well insist that you do so.

Do not try to build your own encryption system – it really is best left to the experts. And don’t meddle with encryption products – use them only as recommended.