12th Feb 2019

What is PGP encryption?

The flow of information that runs through the average business every day is much like the Nile River. It’s massive and holds the potential for danger if you’re not careful. Scammers or devious employees could easily lift data from your payment systems if you let them, and use it to steal your funds. How can you shield your data from these dangers? A tool called PGP encryption can stop hackers and cyber-criminals in their tracks. To show you how, we ask: what is PGP encryption?

Totting up the damages

Think how much sensitive info your organisation is trusted to handle. There are customer, supplier and partner details, as well as personal employee details like National Insurance Numbers. This paints a big target on your back; if hackers can access this data, they can use it to make a lot of money.

Don’t believe us? Look at the numbers. According to The Independent, almost half of UK businesses suffered a cyber-attack or security breach in 2017. The cost of this is staggering. There are numbers which show that the cost of a data breach comes to £2.48 million, on average, for UK organisations.

Then there’s the reputational damage. Case in point, Marriott Hotels. It emerged late last year that around 500,000,000 customer records, from various hotel chains in its portfolio, had been hacked. Some of the info stolen includes credit card and passport details, seriously damaging trust in the brand. How can you avoid your organisation becoming the next Marriott Hotels? Data encryption such as PGP can help you secure your info and reduce the chances of these kinds of data leaks.

PGP encryption 101

PGP stands for “pretty good privacy”, and that’s what this tool is designed to provide in the encryption stakes. First designed and released in 1991, PGP encryption tech is being constantly updated to make sure it can outsmart the hackers looking to steal your sensitive information. The widely accepted definition of PGP encryption is that it’s an “encryption programme” that uses “cryptographic privacy” for the “authentication of data communication”.

Let’s de-jargon that. It’s a tool used to ‘encrypt’ data and make it unreadable (when it’s either being stored on one device, or sent in a message from one device to another) to anyone other than the person who the data is intended for. This means that even if a cyber-criminal can access the location where the data is held, or access the data when it’s being transmitted, they can’t decipher what it means – so they don’t get any use out of it.

Making data unreadable

But how does it work? Without getting too technical, PGP encryption uses two keys. There’s a public key, which the sender/compiler of information can use to make it unreadable. Then there’s a private key, which the receiver uses to decrypt the data, making it human-readable again. A private key is also what creates a digital signature, which the receiver or anyone else who needs to access the data can use to authenticate it. Each key is randomly generated and unique, meaning it’s hard for cyber-criminals to imitate, keeping your info safe.

We can show how this works by comparing PGP encryption to actual keys. Say you’ve got two keys and one box with a lock. The first key would be the only one you can use to lock the box. The second key would be the only one you can use to unlock it. You also might be interested to learn that PGP encryption can be used to secure payment files both in transit and at rest, while making them tamper-proof too, allowing it to serve as one of the most effective security tools in your arsenal.

How secure is PGP encryption?

You can’t be expected to put your faith in PGP encryption tech if you don’t know whether it can survive each and every storm that blows its way. So that’s the issue we’re going to tackle next…

If you use PGP encryption tools in the correct way and said tools are developed by experts, it can offer military-grade data security. It isn’t perfect though; PGP encryption can be vulnerable to email-based scams. A blog from the International Consortium of Investigative Journalists explains why…

It argues that in email-based scams designed to break PGP encryption “the attacker changes an encrypted email in a particular way and sends this changed encrypted email to the victim”. It goes on to explain that “the victim’s email client decrypts the email and loads any external content, thus exfiltrating the plaintext to the attacker.” Basically, the cyber-criminal tricks the victim into downloading malicious software via email. This infects their device, bypassing the encryption to expose their data.

Is there a solution to this? Yes, follow best practice. That means when you’re engaging with an email which carries PGP encrypted data or using a PGP encrypted file, you need to perform due diligence. It’s wise, for instance, to deactivate HTML, as well as external content, on your email system so you don’t download any malicious software which could be used to steal information from your device.
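The client-side setting above can be backed by a check at the mail gateway. The following is an added example, not AccessPay code: it flags messages that combine PGP-encrypted content with HTML that would load external content when rendered, which is the combination the quoted blog describes. The function name, sample addresses and sample messages are all constructed for illustration.

```python
import re
from email import message_from_string

# Constructs a mail client fetches from the network when it renders HTML.
REMOTE_REF = re.compile(
    r"""(?:src|background)\s*=\s*["']?\s*https?://|url\(\s*["']?\s*https?://""", re.I)
PGP_ARMOR = "-----BEGIN PGP MESSAGE-----"

def audit_message(raw: str) -> dict:
    """Flag mail that combines PGP-encrypted content with remote-loading HTML."""
    encrypted, remote_refs = False, 0
    for part in message_from_string(raw).walk():
        ctype = part.get_content_type()
        if ctype in ("multipart/encrypted", "application/pgp-encrypted"):
            encrypted = True  # PGP/MIME container (RFC 3156)
        if part.is_multipart():
            continue
        body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        if PGP_ARMOR in body:
            encrypted = True  # inline ASCII-armoured message
        if ctype == "text/html":
            remote_refs += len(REMOTE_REF.findall(body))
    return {"encrypted": encrypted, "remote_refs": remote_refs,
            "quarantine": encrypted and remote_refs > 0}

# Constructed sample messages (placeholder armour, not real ciphertext).
ARMOUR = "-----BEGIN PGP MESSAGE-----\n(placeholder)\n-----END PGP MESSAGE-----\n"
HEAD = "From: a@supplier.example\nTo: b@corp.example\nMIME-Version: 1.0\n"
MIXED = (HEAD + 'Content-Type: multipart/mixed; boundary="b1"\n\n'
         '--b1\nContent-Type: text/html\n\n'
         '<p>Remittance</p><img src="https://cdn.example.net/logo.png">\n'
         '--b1\nContent-Type: text/plain\n\n' + ARMOUR + '--b1--\n')
PLAIN = HEAD + "Content-Type: text/plain\n\n" + ARMOUR
NEWSLETTER = HEAD + ('Content-Type: text/html\n\n'
                     '<img src="https://cdn.example.net/banner.png">\n')

if __name__ == "__main__":
    for name, raw in (("mixed", MIXED), ("plain", PLAIN), ("newsletter", NEWSLETTER)):
        print(name, audit_message(raw))
```

Only the first sample is marked for quarantine: encrypted mail with no HTML, and ordinary HTML mail with no encrypted content, both pass.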

The AccessPay strategy

So, PGP encryption is a tool which can be used to make the data in online files unreadable to everyone except the person who’s meant to read it, so it’s harder to steal this information.

Because of this, PGP encryption is an invaluable tool for sending and storing payment files. It allows you to shield valuable supplier and customer details like sort codes and account numbers. Here at AccessPay HQ, we can use PGP encryption along with other data protection tech like two-factor authentication and data masking, to provide military-grade security to the payment files you handle and send every day, offering the extra security layers your cash flow needs to always run smoothly.

PGP encryption: A case study

Want to see what we can achieve with PGP encryption? Look at our ITV customer story. ITV came to AccessPay looking for payments software that could handle a large volume of payments while offering full visibility of their cash position. Obviously, security is a big part of any project of that size.

The solution we put in place allows ITV to automate the upload of payment files, eliminating the issue of human error. We also made sure all the files sent from their back-end systems are PGP encrypted using a symmetric algorithm. This protects their sensitive information and stops anyone who isn’t authorised to access files from tampering with them en route, so they’re 100% secure.

Our friendly team would be happy to tell you more about how AccessPay can provide the security tools you need to make payments safely. Get in touch today to find out more.