With many nonprofits embarking on a process of digital transformation, the amounts of personal information managed and stored online are growing at rapid speed. As a result, knowing how to keep data private is an important and urgent skill––especially for nonprofits. As our friends at TechSoup US explain: “As nonprofits, we often handle sensitive information about those we serve. And in many cases, we handle data of vulnerable or at-risk populations, whether it's refugees, children, homeless individuals, or domestic violence survivors. We work in parts of the world where the safety of vulnerable individuals isn't guaranteed. It wouldn't be a stretch to say that sometimes people's lives depend on our data security.”
Encryption is one way to ensure that your organization is implementing strong cybersecurity practices. In the rest of this article, we look at what it means to encrypt data and offer preliminary suggestions to help you adopt stronger data privacy strategies.
What is Encryption?
Norton, the data security company, defines encryption as the process of scrambling readable text so that it can only be ready by recipients who have the secret code, also known as a ‘decryption key’, to unlock it. The code is essentially a collection of algorithms that work to both scramble data and then unscramble it so that it becomes readable again.
As a practice, encryption is a strong way to protect sensitive data while it is being sent, received, stored, and accessed on any device. This can be anything from text messages sent to a smartphone, account log-in or banking information, as well as data stored on personal devices such as fitness watches, e-commerce apps, and more. This can be done primarily in two ways, through symmetric or asymmetric encryption:
- Symmetric encryption works by relying on a single password to both encrypt and decrypt data;
- Asymmetric encryption uses two keys: a public key, which is shared among users to encrypt the message, and a private one, which is not shared, to decrypt it.
This video by Mashable explains what encryption is and how it works in action:
Why Should I Encrypt My Data?
There are many reasons for using encryption, such as:
- Privacy: encrypting your data keeps important information out of the reach of unintended recipients, and helps protect the privacy of your contacts and constituents;
- Security: with encryption, your organization is better protected against data breaches, helping to minimize the risk of costly and damaging cybercrime attacks;
- Regulations: For many institutions and organizations, especially ones in sensitive fields such as healthcare, encryption is often mandated by government agencies, therefore your organization may need to comply with and implement policies to ensure the safety of its data.
To get started encrypting your data, below we take a look at the most common devices and tools used by nonprofits:
Smartphones and Tablets:
As our friends at TechSoup US point out, “on iOS and Android devices, using encryption is a relatively simple affair.” Many recent Android devices, for example, have encryption turned on by default. If you are using an Apple device, “all you need to do is set a passcode or password for your device. To do so, to go the Settings app, tap Touch ID & Passcode, then tap Turn Passcode On and follow the on-screen instructions. You can also make it so iOS or iPadOS will erase the data on your device after 10 incorrect attempts to unlock your device.”
Computer Hard Drives:
As one of the most used devices, it’s important to make sure that the data that is sent and stored to your computer is safe from unwanted attention. Implementing a full disk encryption (FDE) is a great way to do so, as it encrypts every bit of information found on your disk and prevents unauthorized access to data storage. This article on Medium offers helpful pointers for both Mac, Windows and Linux users on how to get started with a FDE.
With more of us working from home and socializing digitally, it’s important to think about the safety of our text messages as well. Popular platforms like WhatsApp and Telegram both offer what is known as ‘end-to-end encryption’, meaning that only you and the person you're communicating with can read or listen to what is sent, and nobody in between. Signal is a similar messaging app that is growing in popularity because of its strong focus on privacy. The app is used by the likes of Edward Snowden and Jack Dorsey, CEO of Twitter, because of its open source Signal Protocol which, as this Wired article explains, is quickly becoming the industry standard.
Last but not least, protecting your emails is just as important! If you are a TechSoup Canada member, you may be eligible for Tutanota, an open source email service available for both web and mobile. Tutanota automatically encrypts all data on your device, including your email messages and your contacts. If you are new to email encryption, check out the video below. Hanna from the Tutanota team explains in less than 4 minutes how you can send your first encrypted email with their software!
If you’d like to keep learning more about encryption and online safety, we have rounded up a few resources to help you do so:
- Did you know? The TechSoup US team offers a bundled cybersecurity e-course to help make your organization safer, as well as a downloadable 12 Steps to Internet Safety for Nonprofits guide.
- Mozilla’s fifth instalment in their password security guide is all about disk encryption, check it out to learn more!
- Curious about the encryption software available out there? PC Mag has reviewed the best options for 2020 to help you pick the one that’s right for you.
- Want to take your encryption skills to the next level? Don’t miss Wired’s article, How to Encrypt All of the Things.