Don’t put the security of your – or your clients’ – data at risk.
Encryption is a fundamental part of information security practice for protecting sensitive data. Last month we discussed why it is necessary for accountants to encrypt data and outlined ways to achieve this.
How does encryption work?
Manual encryption has been used since Roman times, but the term has become associated with the disguising of information via electronic computers. Encryption is a process basic to cryptology – a science concerned with data communication and storage in secure and usually secret form. It encompasses both cryptography and cryptanalysis.
Cryptography is all about hiding the meaning of messages, and a digital signature is part of a scheme designed to do just this, by simulating the security of a handwritten signature in digital form. It can be used with encrypted and unencrypted messages, so a digital signature can authenticate the identity of the sender of a message or the signer of a document, and possibly ensure that the original content of the message or document that has been sent is unchanged.
Encryption secures data through technologies such as SSL, SSH, PKI, and digital signatures and certificates:
Secure Sockets Layer (SSL) – this is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers.
Secure Shell (SSH) – this is a network protocol that allows data to be exchanged using a secure channel between two networked devices. The encryption used by SSH provides confidentiality and integrity of data over an insecure network, such as the internet.
Public Key Infrastructure (PKI) – a public key infrastructure supports the distribution and identification of public encryption keys. It enables users and computers both to exchange data securely over networks such as the internet and to verify the identity of the other party. Any form of sensitive data exchanged over the internet is dependent on PKI for security. A certificate is issued by a certificate authority to establish the authenticity of the identity of individuals, computers and other entities.
Digital signatures and certificates – digital and handwritten signatures are very different. Digital signatures use an algorithm to produce two different but mathematically related ‘keys’ for an individual: one public and one private. These are then used to encode (or scramble) and decode data. Messages generated using the private key can be decoded and read by anyone with access to the public key. Similarly, anyone with access to the public key can use it to send a message, but it can only be decoded and read by the holder of the private key. A digital signature offers far more inherent security and solves the problem of tampering and impersonation in digital communications. It can provide the added assurance of evidence as to the source, identity and status of an electronic document, transaction or message. A digital signature provides an informed consent acknowledgement from the signatory.
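The key-pair behaviour described above, as an added example that is not part of the original article: textbook RSA in Python with constructed toy primes, showing that a signature made with the private key verifies with the public key, that an altered message fails verification, and that data encrypted with the public key is recovered with the private key. The function names and sample messages are assumptions for illustration; production systems use a vetted library with padding and much larger keys.

```python
import hashlib

# Constructed toy parameters (two Mersenne primes) so the example runs offline.
# Assumption: real systems use a vetted library, random 2048-bit+ keys and
# padding schemes (PSS for signatures, OAEP for encryption); this has neither.
P, Q, E = 2**89 - 1, 2**107 - 1, 65537


def make_keypair(p=P, q=Q, e=E):
    """Return (public, private): two different but mathematically related keys."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent: inverse of e mod phi(n)
    return (n, e), (n, d)


def _digest(message, n):
    # Sign a fixed-size hash of the message, reduced to fit the toy modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private, message):
    n, d = private
    return pow(_digest(message, n), d, n)


def verify(public, message, signature):
    n, e = public
    return pow(signature, e, n) == _digest(message, n)


def encrypt(public, message):
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)


def decrypt(private, ciphertext):
    n, d = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


if __name__ == "__main__":
    public, private = make_keypair()
    sig = sign(private, b"Pay 100 to Alice")          # constructed sample message
    print(verify(public, b"Pay 100 to Alice", sig))   # signer and content check out
    print(verify(public, b"Pay 900 to Alice", sig))   # altered content is rejected
    print(decrypt(private, encrypt(public, b"Q3 accounts")))
```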
Ignorance is not an excuse
In today's world, where technology has taken precedence over all our daily routines, accountants cannot hide behind a lack of knowledge about upcoming changes. Ignoring digital security issues could be an expensive mistake.
Use our online resources to help establish and tailor your own practice policies and browse our courses to expand your industry knowledge.