encrypt more sh*t

“encrypt more sh*t”

I love this comment. It isn’t mine; I heard it at a security conference once, and it is just perfect. I agree wholeheartedly. While I might get carried away, you should absolutely encrypt everything. Strive for end-to-end encryption online and whole-drive encryption on your devices: anything with internal storage media, such as your smartphone, tablets, palm pilots 😊, laptops, USB storage devices (otherwise known as thumb or flash drives) and IoT devices. Anything with the ability to store data ought to be encrypted. Ideally, you also want end-to-end encryption for all your communications: the websites you visit, email, text messages… If anyone is able to intercept or eavesdrop, all they will get is a bunch of unreadable rubbish.

Starting with websites, look for HTTPS, where the “S” means Secure. Even better, as of this writing, look for HTTPS that is using TLS 1.3 or better. Transport Layer Security (TLS), like its predecessor SSL, encrypts your plaintext data in transit across networks. Generally, the higher the version of SSL or TLS, the better. With TLS 1.3, you are sure to have the strongest encryption enabled on your browser. A good way to think about it is as a pipe with your data inside it. HTTP, or “in the clear”, can be seen as a transparent pipe, where anyone can see everything you do, visit or type, clear as day. That credit card purchase with your PIN, or your social security number or medical information? You don’t want that. Go for the secure pipe that makes all the data traversing it look like indistinguishable rubbish.
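One way to check this from a script instead of the browser's padlock, as an added example that is not part of the original post: a Python client that refuses anything below TLS 1.3 and reports what was negotiated. The function names and the sample URL are assumptions made for illustration.

```python
import socket
import ssl
import sys
from urllib.parse import urlsplit


def tls13_only_context() -> ssl.SSLContext:
    """Client context: certificate and hostname checks on, nothing below TLS 1.3."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    return ctx


def check_site(url: str, timeout: float = 5.0) -> dict:
    """Report whether a URL's transport is encrypted, and with what."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        # The "transparent pipe": nothing is encrypted, so no connection is attempted.
        return {"url": url, "encrypted": False, "detail": "cleartext scheme, no TLS"}
    host, port = parts.hostname, parts.port or 443
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with tls13_only_context().wrap_socket(raw, server_hostname=host) as tls:
                cipher, _, bits = tls.cipher()
                return {"url": url, "encrypted": True,
                        "version": tls.version(), "cipher": cipher, "bits": bits}
    except ssl.SSLError as exc:
        # Server offers only older TLS/SSL, or its certificate failed verification.
        return {"url": url, "encrypted": False, "detail": f"TLS handshake refused: {exc}"}
    except OSError as exc:
        return {"url": url, "encrypted": False, "detail": f"connection failed: {exc}"}


if __name__ == "__main__":
    # Constructed sample URL (reserved .test domain); pass real URLs as arguments.
    for target in sys.argv[1:] or ["http://shop.example.test/checkout"]:
        print(check_site(target))
```

A site that only supports TLS 1.2 or older shows up here as a refused handshake rather than a silent downgrade.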

Before I go on, it’s important to realize that in the age of the internet, data exists in 3 forms: at rest, in transit and in use. Encrypting data at rest and in transit is commonplace, and it is easy and inexpensive to turn on to protect your privacy. What isn’t as commonplace is encryption for data in use. That is a little more challenging but not impossible, and it is becoming more prevalent as a means to protect against a hacker gaining access to volatile RAM (memory) and stealing the decryption key to decrypt the data at rest on that computer or network. I won’t get into the weeds on this too much here, but I am sure you have heard about Intel and other chipsets with vulnerabilities in them that could allow an attacker to do just that.

Know your data. Know where you store it, where you use it, and keep track of who has it, either with or without your permission, as we see in breaches. Be aware that not all breaches are reported, and even when they are, they are sometimes reported years after they happen. It is so very important for you to know your data, know where it is at all times, and keep it protected.

Use a VPN – but not a “free” one. Watch out for “free”. If the tool is free, then you are the product. Remember that. Privacy policies are updated and changed all the time, and who knows if they are even followed… Let’s face it, very few of us actually read those “click through” agreements anyway. So, be smart and pay a few bucks for a decent VPN and use it every time you connect to the internet. Every time. A VPN will protect you for those times when you don’t have much of a choice and the website you are on is not using HTTPS, or your IP address is leaking your location information.

Security isn’t a checkbox and there is no security blanket. Privacy is your responsibility; take it seriously. Encrypt all the sh*t.