Hi, guys! It’s time for the new series… which is all about cybersecurity! Boring, you must be thinking. But no! Cybersecurity might seem tedious and difficult to understand, but it’s very important and relevant in today’s day and age, with cybercrimes occurring so much. So, it’s time to delve into the first topic for this series… Encryption!
What is encryption?
Yes, great question. Without knowing what encryption is, how can we understand its importance? Have you ever saved a contact on your phone, bought something online or sent a text message? All of these things are your information, and they’re saved as encrypted data. Encryption is an online tool that hides classified information exchanged across the internet or saved on computer systems.
It makes text into an unreadable code called ‘ciphertext’ that cyber-criminals and nosey people can’t read by scrambling letters. The recipients have their own key to reorder the letters and make the message readable again once they receive it. This rearranging is known as decryption. Even if the message is intercepted before it gets to its intended audience, it can’t be read by hackers!
It’s crucial to use encryption when exchanging private or confidential information. This means, emails containing confidential data, online shopping (the private information here is your bank details), saving classified data in the cloud and keeping sensitive information on your device if it is stolen… are all examples of instances when encryption should be used.
Types of encryption
To encrypt and decrypt information, you need a series of numbers called an encryption key. They’re formed with algorithms, and each one is random and different. Here are the 2 major types of encryption systems:
Symmetric encryption
This is when users use one key for their encryption/decryption. The key could be a code or a random alphanumeric series of characters created by a random number generator (RNG) - the latter is usually necessary for banking-level encryption. The simplest and most common type of encryption is the symmetric one as it is faster than its counterpart. This is because there is one shared key between both people, and this key is generally short.
Asymmetric encryption (also called ‘public key cryptography’)
This type of encryption has 2 different keys for encryption and decryption. A public key can either encrypt or decrypt data and is shared among users, whereas a private key is not shared. With the public key, only the intended audience can use the corresponding private key and decrypt the message (this applies if the information was intercepted during transit as well). The private key lets the recipient verify the who the sender is. This is because data that’s been breached or tampered with by an unauthorised person, won’t be able to be decrypted by the recipient. However, asymmetric encryption’s added security and longer keys make it way slower and less efficient compared to its counterpart. It can even create difficulties with battery life, networks and memory capacity.
Why is encryption important?
To avoid cyber threats, of course! Encryption ensures secrets shared through the internet or stored on the cloud, actually remain secret. More than 75% of cyberattacks begin with an email, so encrypting your personal information makes it harder for hackers to get to you. Some institutions are also necessitated to have encryption by law - such as healthcare, higher education and retailers.
But encryption can also be your enemy. When hackers spread malware supposed to encrypt various devices, the information saved on them is unavailable. This is called “targeted ransomware”. In order to decrypt the data, the hackers typically ask for a ransom. The goal is to make internet users and businesses to pay up so that they can regain access to their information. But you can protect yourself from these cyberattacks by downloading trusted and updated security software on your devices, not opening suspicious-looking emails and backing up your data. But one thing is for sure, if you do get a ransomware attack, do not pay the ransom. You don’t know for sure if you will get your data back, so it’s best to report the crime.
Which chat apps are encrypted?
You can tell if a website is encrypted if its URL includes an “s” in the “https://”. As for chat apps, some of them are encrypted, but not all. WhatsApp, Messenger, Meta, Telegram, Snapchat, Signal and iMessages are all encrypted apps. So anything you write on them are protected from snoops! However, as of now, Instagram is not an encrypted app. So be careful of what you share on it, as hackers and other cyber-criminals will be able to access your data quite easily.
X (Twitter) is slightly complicated. Its directed messages are encrypted, but only if the two parties have the most updated version of the app for the web, iOS or Android. Affiliation with a Verified Organisation or being a verified user is also required for both parties in order for their chats to be encrypted. Thirdly, the recipient has to have followed the sender and sent a message previously, or the recipient should have received a DM request from the sender and accepted it. There are several further conditions required for encryption on X, which you can read more about here.
Right! So that’s all about encryption! The first blogpost for our new series has come to an end. Now you know encryption is important and can check if you have it on the websites and apps you use. So, go get your devices encrypted and stay safe. I’ll see you later!
References:
"How does WhatsApp end-to-end encryption work." Business Today, 8 Jan. 2019, www.businesstoday.in/latest/story/how-does-whatsapp-end-to-end-encryption-work-156881-2019-01-08. Accessed 12 Jan. 2024.
Stouffer, Clare. "What is encryption? How it works + types of encryption." Norton, 18 July 2023, us.norton.com/blog/privacy/what-is-encryption. Accessed 12 Jan. 2024.
Whitney, Lance. "Twitter rolls out encryption for direct messages but with key limitations." ZDNET, 15 May 2023, www.zdnet.com/article/twitter-rolls-out-encryption-for-direct-messages-but-with-key-limitations/. Accessed 12 Jan. 2024.
I thought I had a decent understanding of encryption, but I know know how wrong I was! This is really good 👏🏼
Thanks for this detailed explanation Pengi. We use 2 layer authentication and incription for all our communications. We also use additional tools in our firewall to handle this very same topic. recently, our organisation has employed a full time security specialist to handle all things IT security.
well done and keep up the great work!