Whether you’re an activist living under an autocratic regime, or a law-abiding citizen in the world’s biggest democracy, you have many reasons to fear for the safety of your data. State-sponsored cybercriminals, fraudsters, three-letter agencies and data-hungry corporations will go to great lengths to lay their hands on your files and data and use them for their own ends.
If there’s one thing eavesdroppers and data thieves hate, it’s encryption. It keeps them away from your private and sensitive data—or at the very least gives them enough headaches to go seek prey elsewhere.
Here are seven tips that will beef up your defenses against hackers by encrypting the data you store and share across your devices and the internet.
Encrypted messaging apps
We use messaging apps for a lot of our work and personal communications, ignoring the fact that some of them will not protect us against hackers. Server hacks and man-in-the-middle attacks are two popular methods that can give unwanted parties access to your sensitive messages.
Secure messaging apps such as Signal, which feature end-to-end encryption, scramble your messages in a way that allow on the recipient of the message to read them. While there are several end-to-end encrypted messaging apps out there, Signal is by far the most secure because it stores the least amount of information about its users. A more detailed discussion of messaging app security can be found here.
A hacker with your login credentials or a government agency with a search warrant can scan your emails stored on a server. Just ask John Podesta. In order to protect your mailbox from potential hacks, you can use PGP, a technique that encrypts your messages with a key that only you possess.
PGP might not be very intuitive and user-friendly, but it’s worth the added security. Alternatively, you can sign up for a secure email service such as ProtonMail, which encrypts your emails end-to-end.
A more detailed discussion of email security can be found here.
You might want to prepare in advance for the day your phone or laptop becomes lost or stolen (or gets confiscated by security forces if you’re ruled by a tyrannical regime). And no, a good login-screen password will not protect the files on your computer. Anyone with the most basic IT skills can plug your hard disk into another computer and extract your files.
Full-disk encryption (FDE) automatically encrypts everything that is stored on your drive with a key that is only accessible to you, preventing someone with physical access to your device from accessing your files.
Software such as Symantec Endpoint Encryption offer full-disk encryption, but the latest version of most operating systems already have built-in FDE features. In Windows it’s called BitLocker, in MacOS it’s FileVault. Apple’s iOS 8 and later as well as Android Lollipop (5.x) and higher have full-disk encryption enabled by default.
Encrypted files on the cloud
Encrypting the files you store on the cloud can protect you from unwanted access to your account. A simple option is to store your files in password-protected zip archives before uploading them to your cloud storage. However, the extra manual effort required to zip and unzip your files might be too frustrating.
An alternative is to use third-party tools such as Boxcryptor, which adds client-side encryption to most famous cloud storage services such as Google Drive and Dropbox. You can also opt for secure storage services such as SpiderOak One, which have built-in encryption.
Encrypted data on the go
Thumb drives and memory cards easily get lost, so you if you’re carrying your data on removable media, you should always plan for the worst.
Your best option would probably be to choose a secure memory stick such as datAshur. These USB drives come with built-in hardware encryption protected by a 7-15 PIN code and are compatible with all major operating systems.
If you want to stick to your old memory drive, there are some decent software alternatives. Windows users can encrypt removable drives with BitLocker to Go, and Mac users can use FileVault. Most third-party full-disk encryption software supports removable drive encryption as well.
Encrypted browser traffic
While browsing the internet, make sure you only fill in forms on websites that have addresses starting with “https” (the “s” stands for secure). Sites with plain HTTP don’t encrypt your data and are vulnerable to eavesdropping.
The Electronic Frontier Foundation’s HTTPS Everywhere extension for FireFox, Chrome, and Opera adds a layer of security by encrypting your traffic when you visit major websites.
However, HTTPS does not conceal everything, and an eavesdropper will still be able to monitor the sites and URLs you’re visiting (which sometimes contain sensitive information). A more secure alternative would be to use TOR, a browser that encrypts your entire traffic and forwards it through other computers (called TOR nodes). A malicious actor would no longer be able to extract any information by monitoring your traffic.
Encrypted internet traffic
If you want to go the extra mile to encrypt everything that comes in and goes out of your device, consider using a virtual private network (VPN). VPNs encrypt and forward all your traffic through a server in another geographical location, which makes it difficult to monitor your activities.
A software VPN that offers decent performance is Psiphon, a free-to-use tool that was designed to help people living under the censorship of repressive regimes. Psiphon can be installed on all major desktop and mobile operating systems.
A hardware alternative is Anonabox, a TOR/VPN router that can secure your traffic while also saving you the processing power required to the extra encryption and decryption.
These tips will help you put up a tougher fight against hackers. However, take note that there’s no such thing as absolute security, and encryption per se is not a silver bullet that will fix all your security problems. You still have to adhere to basic cybersecurity principles, such as keeping your operating system and antivirus updated and choosing strong passwords for your account.