The Plain English Guide To: Encryption

Switch to Microsoft 365

Executive Summary

  • With 4500 successful cyberattacks taking place every day in the UK, bolstering your IT security is more important than ever.
  • Encryption is a method of securing your business data by making it unreadable without authentication.
  • In this guide, we’ll explain three types of encryption: in transit, at rest, and file-level encryption.



Even the word itself can seem a little… cryptic.

And when you’re trying to work out exactly how encryption could help your business, things can get even more confusing.

It’s for this reason that we’ve created this Plain English Guide on the topic of encryption. More specifically, we’ll look at exactly how you – as a business owner or manager – can make use of encryption to protect your business from cyberattacks and other IT breaches.

This includes data moving in and out of your network, sitting on hard drives, or even for specific files.

Let’s get started.

What is encryption?

In the context of IT and computing, encryption refers to the process of encoding data so that it cannot be read by anyone without authorisation.

Imagine a Microsoft Word document. Unencrypted, you’ll be able to read it as normal. Encrypt the data, however, and the document would look like a scrambled mess of letters, numbers, and symbols – if you could even open it at all. But, if you’re an authorised user and have the ‘key’ to decrypt the file (a password, for example), you’ll be able to decrypt and view the file.

That’s encryption in plain English, but there’s a bit more to it than that. In IT, there are really three main types of encryption you should be aware of:

  • In transit
  • At rest
  • File-based

Let’s now dig a little deeper and go into each of these in detail.

Encryption In Transit

We’ll start with what’s arguably the data at highest risk, at least within a business, and that’s data in transit.

In a nutshell, data is said to be ‘in transit’ whenever it’s being moved from one place to another. This could be something as simple as accessing a website and having its content delivered from the server via the internet, or something more complex – like uploading large files to cloud services like Microsoft OneDrive or Dropbox.

Data in transit is at significant risk, because there’s always a chance that cyberattackers could hijack it while it’s ‘mid-flight’. So, for example, if you were to enter your credit card details on an insecure website, it’s as simple as the attacker just copying them down.

It’s here that encryption in transit comes into play.

By encrypting data during transmission, (and decrypting it on the other end), we can make the whole process much safer and more secure. Using the same example from above, if an attacker were to intercept your encrypted credit card data, they wouldn’t be able to use it.

Here are a couple of examples of encryption in transit which you might come across in your day-to-life as a business owner:

  • HTTPS is the most secure form of communication for websites, and you should see it anywhere you’re entering sensitive data, like credit card info. HTTPS is a bi-directional form of encryption, meaning so-called ‘man in the middle’ attacks are ineffective.

    Top tip: To check if the website you’re visiting is using this secure technology, look for the ‘padlock’ icon near your browser’s address bar.

  • Email is another very common form of data in transit, but it’s not always encrypted.

    Progress is being made on this front, with many email providers using an encryption technology called ‘Transport Layer Security’, or TLS – but many emails are still sent unencrypted. If this is something you’re very concerned about because your business handles sensitive data, just get in touch with the Get Support team and ask about Microsoft 365 Message Encryption.

Encryption At Rest

The next form of encryption you should be aware of relates to data at rest.

As you might have surmised, this refers to data which remains in one place – like being stored on a hard drive or USB stick. Data at rest represents a bit of different challenge because it opens the door to physical intervention of the data. Put simply: theft.

Luckily, there are plenty of options out there to provide protection for your data at rest.

Here are some of the best:

  • Full disk encryption is one of the most effective forms of protecting your data at rest. Essentially, this uses an advanced algorithm to encrypt your entire hard drive with your password serving as the key to decrypt it. Your drive is actually always encrypted, and the system decrypts in on-the-fly as you work. This means that if anyone were to access your drive without the password, the data would still be secure.

    For non-Home editions of Windows 10, you can use the included BitLocker feature to encrypt your drive. If you’re a Mac user, main drive encryption is enabled by default using FileVault. Since OS X Yosemite in 2014, you actively need to opt-out if (for some reason) you’d prefer not to use encryption.

  • This may sound ridiculously simple, but a strong password can be one of the best tools to protect your data at rest. Whether that’s your Windows account password, you iCloud password, or even just a single password-protected Word or Excel file – it really matters. Don’t forget: even the world’s greatest encryption algorithm can be beaten by single a weak password. Sometimes it really is that simple.

    If you’re worried about the strength of your passwords, we’d recommend checking out a few of the best Password Managers for added security.

File-level encryption

Now that you’re familiar with the concept of encryption both in transit and at rest, let’s look at a scenario where either or both types of encryption might apply.

File-level encryption is something that is particularly useful to businesses who work with very sensitive data to be kept away from prying eyes. In these cases, it makes sense to encrypt data at the individual file level with a security tool like Azure Information Protection.

With this powerful security tool, you can bring a new level of security to your files – no matter if they’re being emailed or delivered in person on a USB stick.

Here’s how Azure Information Protection can help:

  • Manage access rights on a persistent basis. Emailed a file to the wrong person? Simply revoke permission remotely and they won’t be able to access it.
  • Monitor and track file usage. Use logging and reporting tools to monitor how your data is being accessed. This gives you the insight to revoke access when necessary.
  • Assign access policies based on users. It’s easy to grant file permissions to entire groups of users or just a single person.

Want to know more about Azure Information Protection could keep your data locked up tight? Get in touch today.

Worried about your cybersecurity? Call the experts

At Get Support, we’ve spent decades learning all there is to know about cybersecurity, especially for small and medium-sized businesses.

Whether you’re confused about how to make the most of security tools like encryption, or you just want to ensure that your company’s IT is working at its best, our team can help.

Call in the Get Support IT experts today on 01865 59 4000 and we’ll help you boost your cybersecurity, the Plain English way.

Latest From The Blog

Viva Connections

What’s That App? A Beginner’s Guide to Microsoft Viva

In this edition of “What’s That App?”, we’re looking into the employee experience and engagement platform Microsoft Viva. Could it be the catalyst to your business thriving in the new remote working economy?

The Great LinkedIn Data Scrape (And What It Means for UK Businesses)

In mid-2021, a group of hackers managed to access the data of 700 million LinkedIn users via a method called ‘scraping’. Here’s what UK businesses need to know about this potential cyber security risk.
Data Backup

IT Support Insider: Backup, Disaster Recovery, and Business Continuity

In this edition of our IT Support Insider series, we’re turning our attention to an area of computing which can be a genuine lifesaver: backup, disaster recovery, and business continuity