Scrambling to Save Your Data
Encryption programs are easy to use, cheap, effective, and they could save your business
Now that we're grown-ups, secret decoder rings just don't cut it anymore. They're really cool, but for sensitive E-mail and the important files we store on our computers, you need something a little more sophisticated. "For a small business, information is everything," says Dustin Dykes, a computer security consultant for Raymond James Consulting in Irving, Tex. "If you have an informational asset, and it's compromised, your business can be gone. The Internet is a public network. It's as though you were sending all your important information on postcards."
It's not just a theoretical threat. Hackers have targeted small businesses before, and the threat increases as small companies go online full-time with their own servers and round-the-clock, high-speed connections to the Web, instead of dial-up connections. The steady hookup makes you less of a moving target, and thus a more tempting one. How do you know whether you should use security for your hard drive or E-mail? Counsels Dykes: "You have to ask: What would it cost if my information is compromised?"
Some security products are designed for large enterprises. Those include firewalls that prevent unauthorized Internet users from penetrating your company's internal network. But small businesses are more likely to be interested in security products for individual users and small networks that protect the contents of hard drives and E-mail messages. These programs encrypt your data, which scrambles it so that it looks like gibberish to prying eyes. The programs then unscramble it when you or your E-mail recipient are ready to read it.
Encryption programs have three things in common. First, they are easy to use, because no matter how stringent the encryption, there's no security if the program is too much of a hassle to use. Second, these programs are inexpensive. Business Week Online examined three such programs, all of which cost less than $100. Third, while they are cheap and easy to use, there is a lot of complex computing going on beneath the surface.
Most encryption products use "keys" to scramble and unscramble information. To use a key, you type in a password, and the security program then scrambles or unscrambles the data. A key is made up of bits, which are single shards of digital information, zeroes or ones. The size of the key is essential to digital security. Older encryption programs use 40-bit keys, which determined hackers can break, but many programs now have 128-bit keys, which so far have been unbreakable.
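The key sizes above describe a key picked at random. When the key comes from a typed password, as described, the password's guess space caps the real strength. The following is an added example, not code from the article or from any of the reviewed products; it assumes PBKDF2-HMAC-SHA256 as the password-to-key step and a randomly chosen password, and the function names are hypothetical:

```python
import hashlib
import math
import os


def derive_key(password: str, salt: bytes, key_bits: int = 128,
               iterations: int = 200_000) -> bytes:
    """Stretch a typed password into a key (assumed KDF: PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               iterations, dklen=key_bits // 8)


def password_bits(alphabet_size: int, length: int) -> float:
    """Guess space, in bits, of a password chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def effective_bits(key_bits: int, alphabet_size: int, length: int) -> float:
    """Whoever guesses searches the smaller space: all keys or all passwords."""
    return min(float(key_bits), password_bits(alphabet_size, length))


def min_length(key_bits: int, alphabet_size: int) -> int:
    """Shortest random password whose guess space reaches key_bits."""
    return math.ceil(key_bits / math.log2(alphabet_size))


if __name__ == "__main__":
    salt = os.urandom(16)                      # stored beside the ciphertext
    key = derive_key("constructed-sample-password", salt)
    print(f"derived key length: {len(key) * 8} bits")

    # Constructed password policies: (label, alphabet size, length)
    policies = [("8 lowercase letters", 26, 8),
                ("8 printable ASCII", 94, 8),
                ("20 printable ASCII", 94, 20)]
    for label, alphabet, length in policies:
        bits = effective_bits(128, alphabet, length)
        print(f"128-bit key from {label}: about {bits:.1f} effective bits")
    print("length needed for 128 bits, printable ASCII:", min_length(128, 94))
```

A 128-bit key derived from eight random lowercase letters has less guess space than a random 40-bit key.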
A second factor related to security is how keys are used. Some security systems use a single key and password. However, to exchange information with others, such as in an E-mail message, you first must share that password and key with the recipient. This, in itself, can be an insecure operation. For instance, if you call your associate and give them the password, eavesdroppers may hear it. That's why some security programs use the so-called private key/public key arrangement. With this plan, you exchange public keys with others, but you also must use a second, more secure, private key to encrypt and decrypt information, and that one is located only on your computer.
A third method used by some programs for ensuring the security of E-mail messages is digital certificates, which are attached to the messages. The security program examines them and confirms that the sender and receiver are who they claim to be and that nobody has tampered with the message while it was in transit.
Despite all this complexity, our examination of three encryption programs found that they were, indeed, quite easy to use. For desktop security, we tried Your Eyes Only (YEO) from Symantec, which works virtually invisibly. Using a simple dialog box, you can designate specific folders on your hard drive as secure. YEO then automatically encrypts all the files saved in those folders and decrypts them only after you've supplied the proper password.
RPK InvisiMail from InvisiMail International is so simple to use you may forget it's there after you install it. You simply send a message to another InvisiMail user, and he or she replies. After that, you have each other's public keys, and all messages between you are automatically encrypted and decrypted. However, InvisiMail is only for E-mail. It doesn't encrypt items on your hard drive.
PGP Personal Privacy from Network Associates does handle files on your hard drive as well as E-mail. It is slightly less transparent than InvisiMail since you must separately exchange files containing public keys -- it doesn't automate the process as much as InvisiMail. But after that, all messages you exchange with your PGP correspondents are automatically protected. In addition, by clicking on buttons on a small toolbar, you can have PGP Personal Privacy encrypt files on your hard drive, though not entire folders, as YEO does.
By David Haskin in Madison, Wis.