Note: This is a part of an online course on Securing Confidential Data.
Secure Data via Encryption
Did you know that if data is encrypted and a data breach occurs, you are not obligated to report it? This is the power of data encryption and can potentially spare the District from unnecessary litigation and expense. This is known as an encryption safe harbor. Texas defines a data breach in terms of sensitive personal information only if the data items are not encrypted (Source: Data Breach Charts, Baker-Hostetler
In this online course, you will have the opportunity to learn how to encrypt/decrypt confidential data files and share them with others.
The Encryption Process
In this online course, you will learn how to quickly encrypt files with a secure password, as well as how to decrypt the password. The process is fairly straightforward and easy. To accomplish encryption, you will learn how to use AESCrypt, a free open source software program.
AES Crypt–which uses a powerful 256-bit encryption algorithm–is a file encryption software available on several operating systems that uses the industry standard Advanced Encryption Standard (AES) to easily and securely encrypt files.
You do not need to be an expert to use AES Crypt, nor do you need to understand cryptography. When using Windows, the only thing you need to do is right-click on a file, select AES Encrypt or AES Decrypt, enter a password, and AES Crypt will do the rest. On a Mac, you can drag a file to the AES Crypt program and provide the required password.
AES Crypt will produce a file that cannot be read by anybody who does not know the secret password. It is as simple as that. (Source: AESCrypt.com
What does encrypted data look like?Below, you will find two examples of data. The first is what data looks like when you send it unencrypted over the Internet, or leave it unencrypted on your computer. The main benefit of unencrypted data is that you can open that document immediately and get to work. The main drawback–and in many cases when that data is compromised, a public relations fiasco for the organization–is that anyone else can open that document and view its contents. Putting a simple Word or Excel password is insufficient since software tools abound that can “lockpick” and ascertain the passwords or remove it. That’s why a stronger solution like AESCrypt is needed.
Here’s what unencrypted data looks like in a text editor:
Student Name, Social Security, Student ID
Juan Gonzalez, 453-22-1497, 033911
Here’s the same data, but encrypted, in a text editor:
Which would you rather an identity thief, or unauthorized person, have access to? If you are like most folks, you will want the encrypted version.
Who can use it?
AES Crypt is the perfect tool for anyone who carries sensitive information with them while traveling, uploads sensitive files to servers on the Internet, or wishes to protect sensitive information from being stolen from the home or office. AES Crypt is also the perfect solution for those who wish to backup information and store that data in a cloud-based storage service (e.g. Dropbox, GoogleDrive), and any place where sensitive files might be accessible by someone else.
Best of all, AES Crypt is completely free open source
software. Since it is open source, several people have contributed to the software and have reviewed the software source code to ensure that it works properly to secure information. Most important to most users, though, is the fact that the software is available at no cost. You are free to use this software in your business, at home, or in your own open source development projects. (Source: AESCrypt.com
What happens to my original file when I encrypt it?
AES Crypt will produce an encrypted file with the same name as the original file, but with an “.aes” extension. When you encrypt a file with AES Crypt, it does not delete the original file. Generally, people encrypt files for the purpose of sending a file securely via e-mail or copying it to a portable storage device that is more susceptible to loss. As such, most people do not want to delete the original. However, you may certainly delete the original file: just do not forget the password. It is impossible to recover the contents of an encrypted file if the password is lost. (Source: AESCrypt.com
Another safety feature built-into AES Crypt is that if you have an encrypted file already with the exact same filename, it will not over-write the previously created file.
Everything posted on Miguel Guhlin’s blogs/wikis are his personal opinion and do not necessarily represent the views of his employer(s) or its clients. Read Full Disclosure