Data encryption – can good intentions go bad?
Robin England, Senior Research and Development Engineer at Kroll Ontrack, warns that it is not all good news for everyone rushing out to encrypt their data.
Following the sensational revelations of Edward Snowden in 2013, giants of the IT industry including Google, Facebook and, most recently, WhatsApp have reportedly tightened up their use of encryption significantly, to prevent apparently easy access to data on their platforms by hackers as well as security services.
Corporations have also increased their use of encryption. A recent report from Dell found that the amount of encrypted traffic travelling through corporate firewalls had doubled over the previous 12 months and now accounts for almost two thirds (65 percent) of all communications.
The use of complete encryption solutions such as BitLocker or the native Windows Encrypting File System (EFS) booms at the mere mention of an eavesdropping scandal, cyberattack or data breach. It’s not just IT professionals who are choosing to encrypt corporate data but also home and small business users who wish to protect data from unauthorised access.
Encryption is one of the most common methods of protecting data on a personal and a corporate scale. There are numerous software programs and hardware tools that can be used to do this, and in the past year Kroll Ontrack has seen a big increase in the quantity of encrypted media sent in for recovery, not only from home users but also from large businesses.
It has become clear that many people who encrypt their data don’t think about the risks that come with it, including the possibility that the software or hardware can fail. Yet it is not uncommon for the encryption process to go wrong and for the data to become irretrievable.
So can data be ‘too safe’ from a data recovery point-of-view?
The answer is yes, especially when you consider the complexities of recovering data from encrypted media where either the software has failed or users are unable to provide the necessary passwords for recovery. Encryption as a tool is designed to be a friend to organisations and individuals doing their best to safeguard their information, but it can introduce potential problems that users may not be aware of until it is too late.
What individuals and corporations must do is encrypt data with full knowledge of the process, and do so intelligently, taking into account the pros and the cons and picking the right solution for them and their data.
Simple steps to managing safe data encryption:
- If deploying a software encryption product, choose one that is well used, tested and proven to be successful.
- When selecting a password, use one that is memorable to you but difficult for third parties to guess. Your date of birth, ‘12345’ or ‘password’ are common but very bad choices. Longer passwords with a combination of numbers, capital letters and symbols are better options.
- Think about what actually needs to be encrypted rather than encrypting everything automatically: personal photos may be important to you but they don’t really have to be protected.
- Maintain a rigorous back-up schedule so that data is always recoverable, and test your ‘restore and decryption’ process frequently, restoring to a different drive than the original drive.
- Keep copies of credentials (usernames, passwords) locked away physically in a secure place (e.g. a safe).
- When installing encryption software for the first time, always choose the option to create a recovery key or recovery disk, and keep this locked away in a secure place, as a data recovery engineer will almost certainly need it.
- Remember that saving, storing, copying, moving, or backing up data on several partitions does not protect the drive from data loss. If a drive is corrupt, several partitions can be affected simultaneously.