What is encryption and how does it work?

Don't leave your business's sensitive data vulnerable to hackers and cyber criminals – supplement your organisation's security protocols with encryption.

Decorative image

What is encryption?

Encryption is the technical process by which information is converted to secret code, thereby obscuring the data you’re sending, receiving or storing. Essentially, an algorithm is used to scramble the data, before the receiving party unscrambles the data using a decryption key. The unscrambled message contained within unencrypted files is referred to as 'plaintext', whereas in its encrypted form, the message is referred to as 'ciphertext'.

Think about how much important information is held on your company’s files, folders and devices. Now imagine what would happen if that information fell into the wrong hands. From personal data about your employees (e.g. their addresses, national insurance numbers, tax codes, etc.) to details about your company’s finances and bank accounts, you’re likely to have a large amount of data that needs to be restricted to authorised parties. Encryption is one of the best ways to keep your business’s confidential data protected against cyber security threats.

In some form or another, encryption has existed since the dawn of recorded history. The ancient Greeks encrypted messages using a tool called the 'scytale', while in World War II, Germany used their famous Enigma machine to protect military and diplomatic transmissions. Modern encryption techniques have gone through numerous iterations, but they can mostly be broken down into two categories: symmetric key algorithms and asymmetric key algorithms. We’ll explore these encryption schemes in a little more detail later.

It’s also worth noting that encryption plays a significant role in ensuring the safety of your internet browsing. Many websites use a Secure Sockets Layer (SSL) which encrypts data sent to and from the website, stopping hackers from accessing the data while it’s in transit. In recent years, however, Transport Layer Security (TLS) has displaced SSL as the standard encryption protocol for authenticating website origin servers and maintaining the security of HTTP requests and responses.

Theoretically, it is possible to decode encrypted files without an encryption key, but it would require an enormous amount of computational power to crack a well-designed encryption scheme. This is what is meant by the colloquial phrase 'brute force attack'. Although modern encryption methods, especially when coupled with strong passwords, are highly resistant to brute force attacks (it would take hackers billions of years to crack properly encrypted files), they may become more of a problem in the future as computers become increasingly powerful.

How does encryption work?

At the most basic level, encryption is a way of preventing unauthorised access to your data. Using encryption, you can encode a simple, clear message ('Dropbox is awesome!') into a scrambled message that would be incomprehensible to anyone who happened to view it in its encoded form ('9itQg7nbV781+f55eXC1Lk'). The encrypted message is sent via the internet, and once it arrives at its destination, the recipient will have some way – usually an encryption key – to convert the scrambled message back to its original format (“Dropbox is awesome!”).

Above we mentioned asymmetric encryption and symmetric encryption. Broadly speaking, these are the two main types of encryption that you’ll encounter, but how exactly do they work? Here’s a little more information about these data encryption systems:

  • Symmetric key algorithms: In a symmetric key system, related or identical encryption keys are used for both the encryption and decryption process. In some circles, the shared key is referred to as a 'shared secret', because the sender/system overseeing the encryption must share the key with anyone who is authorised to decrypt the message. There are many different examples of symmetric key algorithms, including AES, Triple DES and Blowfish.
  • Asymmetric key algorithms: In an asymmetric key system, also referred to as public-key encryption, different keys are used for the encryption and decryption process. One key is shared publicly and can be used by anyone (hence the name 'public-key encryption'), while one is private. This makes asymmetric key systems even more secure than symmetric key algorithms, because hackers or cyber criminals can’t copy the key while it’s in transit. Examples of asymmetric encryption include RSA and DES.

So, that’s a top-line description of the encryption process, but how does encryption work for businesses? Well, from the enterprise side, it’s important to note that many devices offer encryption as standard. Windows offers a built-in, full-service encryption feature called BitLocker, which makes use of the AES encryption algorithm, while macOS and Linux also offer built-in encryption options. Moreover, when it comes to encrypting your emails, there are plenty of baked-in encryption tools for major email applications, including Microsoft Outlook and Apple Mail.

Why is encryption important?

Today, encryption is table stakes for enterprise. Why? First, security. According to Risk Based Security’s 2019 Year End Data Breach QuickView Report, over 15.1 billion records were exposed throughout the course of 2019, an increase of 284% over the figures for 2018. The research firm characterised 2019 as the 'worst year on record', and we’ve already seen major data breaches in 2020, with 8.4 billion records exposed in the first quarter of 2020 alone (a 273% increase on Q1 2019). Encryption can help to keep your business’s data safe from hackers and cybercriminals. Assuming it’s properly encrypted, the data on your company’s servers or devices should be secure, even if the device is lost or stolen. Furthermore, encrypted communications should ensure that you’re able to communicate externally and internally without leaking sensitive data. Put simply, dealing only with encrypted files can stop your data from falling into the wrong hands.

Then, there’s the regulatory aspect. Many industrial regulations stipulate that companies handling user data must keep that data encrypted. PCI DSS (Payment Card Industry Data Security Standards), a set of general practices governed by the world’s major credit card companies, is a great example of this. One of the 12 key PCI DSS requirements states that businesses which directly handle their customer’s card data should 'Encrypt transmission of cardholder data across open, public networks'. Failure to comply can lead to a broad range of penalties, including monetary fines, liability for fraud charges and the suspension of your ability to receive credit card payments. There are also many governmental regulations that demand encryption. In the European Union (EU), for example, GDPR requires businesses to implement technical and organisational measures to ensure personal data is processed securely. Encryption is listed as an appropriate technical measure.

But what does encryption mean in real terms? The consequences of data breaches can be devastating, particularly financially. Your business may end up footing the bill for a broad range of costs, including fraud, stolen money, damage or destruction of data, post-attack service disruption, embezzlement and the restoration/deletion of damaged systems. You may also wish to consider the reputational harm that a major data breach, particularly a breach pertaining to customer data, can have on a business, and what sort of impact that’s likely to have on your company’s prospects moving forwards. In short, encryption can help keep your business safe from the cost and time-intensive process of recovering from a data breach, ensuring that your company remains a viable, trustworthy option for consumers.

How to encrypt files with Dropbox

When you’re first starting out on your security journey, learning how to encrypt files can seem like a pretty steep mountain to climb. Fortunately, it doesn’t have to be. As we mentioned earlier, encryption software is often baked into your operating system, although there’s also a broad range of third-party encryption schemes and programs that can provide you with increased protection. But, in any case, you’re probably wondering which of your business’s sensitive files can be encrypted? Simple answer: virtually any file – including text files, data files, emails, disk partitions and directories – can be encrypted, so regardless of where your most vulnerable information is stored, learning how to encrypt files can be advantageous.

Dropbox’s secure platform offers modern encryption standards that can help keep your business’s sensitive data safe from brute force attacks, malware, ransomware and data breaches. So, how does encryption work in Dropbox? Essentially, we process your files by splitting them up into discrete blocks. Each block is encrypted with a strong cipher and only blocks that have been modified between revisions are synchronised. Furthermore, your files are protected when they’re in transit between our apps and servers, as well as when they’re at rest. Dropbox also offers enterprise-grade encrypted cloud security that goes beyond traditional encryption, providing you with an even greater level of protection for your files and data.

Final word

So, what is encryption? Simply put, encryption is one of the most effective ways to keep your files and data protected in an increasingly vulnerable world.

Discover a better way to work together.

Get started with Dropbox Business