Encryption – Keeping Your Data Safe
Have you ever thought about what you would do if someone obtained access to all the information you stored electronically? Chances are high that you store sensitive files on the computer(s) you use for work and at home. Files such as client lists, contracts, business plans, trade secrets, internal and external communications, and financial results are not to be shared with unauthorized persons. Well, this happens more often than it should. In this post, we are going to cover a few things you can do to help lower the risk of your information falling into the wrong hands. We will cover whole disk encryption and file sharing encryption.
Whole Disk Encryption
This technology protects the information you store on your computer by converting it into unreadable code that cannot be deciphered easily by unauthorized people. When this technology is used properly, a lost or stolen laptop/desktop will not result in someone else obtaining the information on the computer. The following are some options to consider:
Windows 7, 8 or 10 BitLocker – Microsoft built into more recent versions of Windows (Enterprise and Ultimate editions) the ability for the user to enable whole disk encryption using built-in software called BitLocker. You can read about it here and here. If you have Windows, using this is a no-brainer.
OSX 10.3 – 10.11 (El Capitan) – Apple built into these versions of OSX the ability for the user to enable whole disk encryption. You can read about it here and here. Go into System Preferences – Security & Privacy and Turn On FileVault. Your CISO will be very proud of you.
TrueCrypt – This is my personal favorite if you don’t have the ability to enable BitLocker on your Windows computer. TrueCrypt works on OSX too, but just use FileVault if you are using OSX. You can read about and download TrueCrypt here and read about it here. And yes, it is safe to use. There was some speculation that the National Security Agency (NSA) had a way to circumvent TrueCrypt’s encryption, but thankfully this turned out to be false. Here is a link to TrueCrypt alternatives that you may find useful.
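Turning on BitLocker or FileVault is only half the job; it is worth confirming that the disk is actually protected. The following is an added example, not part of the original post: it classifies the text printed by `manage-bde -status` (Windows) and `fdesetup status` (macOS), assuming English-language tool output. The host names and sample output are constructed for illustration.

```python
import re

def bitlocker_state(text):
    """Classify one volume from English `manage-bde -status` output."""
    fields = {k.strip(): v.strip()
              for k, v in re.findall(r"^[ \t]*([A-Za-z ]+):[ \t]*(\S.*)$", text, re.M)}
    conversion = fields.get("Conversion Status")
    if conversion is None:
        return "unknown"
    if conversion == "Fully Decrypted":
        return "unencrypted"
    if conversion not in ("Fully Encrypted", "Used Space Only Encrypted"):
        return "in-progress"
    # Encrypted but suspended: the volume key sits on disk in the clear,
    # so a stolen machine is readable despite "Fully Encrypted".
    return "protected" if fields.get("Protection Status") == "Protection On" else "suspended"

def filevault_state(text):
    """Classify `fdesetup status` output."""
    if "in progress" in text:
        return "in-progress"
    if "FileVault is On" in text:
        return "protected"
    if "FileVault is Off" in text:
        return "unencrypted"
    return "unknown"

def unprotected_hosts(reports):
    """Return {host: state} for every host whose disk is not fully protected."""
    classify = {"manage-bde": bitlocker_state, "fdesetup": filevault_state}
    states = {host: classify[tool](text) for host, tool, text in reports}
    return {h: s for h, s in states.items() if s != "protected"}

# Constructed sample output (hypothetical host names), not captured from real machines.
SAMPLE_REPORTS = [
    ("win-laptop-01", "manage-bde", "Volume C: [OS]\n    Conversion Status:    Fully Encrypted\n"
     "    Protection Status:    Protection On\n"),
    ("win-laptop-02", "manage-bde", "Volume C: [OS]\n    Conversion Status:    Fully Encrypted\n"
     "    Protection Status:    Protection Off\n"),
    ("mac-01", "fdesetup", "FileVault is On.\n"),
    ("mac-02", "fdesetup",
     "FileVault is On.\nEncryption in progress: Percent completed = 25\n"),
    ("mac-03", "fdesetup", "FileVault is Off.\n"),
]

if __name__ == "__main__":
    for host, state in unprotected_hosts(SAMPLE_REPORTS).items():
        print(f"{host}: {state}")
```

The second Windows sample is the case to watch for: the volume reports as fully encrypted, but protection is suspended, so the data is not protected if the laptop is lost.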
Cloud File Sharing Encryption
There is almost no one left in the Western World who has not heard of or used Dropbox, Box, Google Drive, iCloud or OneDrive. These are excellent for sharing files with other individuals, whether they are colleagues at work or other people you know like family and friends. However, there is one drawback, and for some IT departments it is a major one: these cloud file sharing services use server-side encryption. Without getting into too much technical detail, server-side encryption means the company that runs the service can access your data if they really want to. To some people this matters a lot and to others it matters less.
For those who want to share files without having to consider whether or not cloud hosting companies have access to their data, there are several solutions that use end-to-end encryption. You can read about end-to-end encryption here. It basically means that only you and others that you specify can access the information stored in the cloud file sharing service you are using and no one else. Below are some options (there are many more than listed below) to consider for cloud file sharing.
Tresorit – This works similarly to Dropbox, except it uses the important end-to-end encryption method. No one is getting access to your data with this service unless you give them your passwords. Tresorit even has a hacking challenge that you can read about here. We use Tresorit and it works very well.
SpiderOak – This is another great option that uses end-to-end encryption. It’s more of an option for individual users than those in a company setting. Some of us have used this service and it works well.
Sookasa – This is an add-on to Dropbox or Google Drive that enables end-to-end encryption on your files. We have not used this; however, it has received good reviews by a number of users.
Regardless of the solutions you or your company use, the objective is to keep your information secure so that only authorized individuals have access. If you are not using encryption, please work with your IT department, IT consultants or others knowledgeable about your environment to help figure out your best options.
 If you are using a work computer, make sure to discuss encryption with your IT department before doing anything without proper authorization.
 If you are running Windows Professional or lesser editions, BitLocker is not available to you.
Newel Linford is the co-founder of Linford & Co., LLP, the Managing Partner, and specializes in SOC and royalty examinations. He started his career with Ernst & Young in 1997. He has lectured at Data Center World, Rocky Mountain Area Conference for Finance & Accounting Professionals, University of Denver, and University of Colorado Boulder. He works closely with his clients so that the examinations meet the public needs and are performed in accordance with professional guidance.