To start, a reminder that Japan Info Swap is a part of The H&R Group, which provides a wide range of real estate, relocation, staffing, and life-enrichment services in Japan. This blog was created to help communicate the information, knowledge, and expert advice of the H&R Group family of companies to their clients.
The relocation process requires varying degrees of personal information, from immigration documents to housing contracts or driver’s licenses, so we have a lot on hand during our client’s relocation process, and our clients provide all of it to us, usually by email.
As a result, we are understandably a bit paranoid about how this information is sent, stored, and eventually deleted. We can do a lot on our end. Still, we would feel a whole lot better if we could start on our client’s end instead and accomplish our work with full end-to-end encryption of the personal information essential to completing the services requested of us by our clients.
Encryption changes information in such a way as to make it unreadable without a “key” that allows the information to be put back into its original, readable form. Encryption allows us to securely protect data and ensure that only authorized parties will have access to it.
We strongly recommend that our clients take the initiative and learn how to encrypt documents before sending them. It is easier than one might think, and it is our sincere hope that, ancillary to their relocation, our clients learn better personal data security habits that will protect them long after they have returned from Japan and forgotten about us.
You might think so, but it is pretty simple to do. The hardest part is securely communicating the password; more on that later. To begin with, encrypting data is easily done using a “document open password,” which requires a user to type a password to open the document. We recommend three options that are probably installed on your computer, at least your office computer, already.
*Please note that “Microsoft passwords are not effective” is a common refrain, and true, if you are referring to edit or print passwords, which are notorious, but a “document open password” is different, and a powerful tool if used correctly with a strong password…more on that later.
Rather than explaining how to add a document open password in each platform, we will link to the explanations that these companies (or other entities) already offer for these software products’ encryption components. In short, all you need to do is find the right pull-down or other menu item and enter a password, and that isn’t much of an oversimplification.
Office 2016 and 2013 provide for AES-256 encryption, which is very secure if a strong password is used. To encrypt a document using Microsoft Word or Excel, follow the instructions below.
Adobe Acrobat Professional offers unbreakable 256-bit encryption from version 10 (X), which is very secure if a strong password is used. To encrypt a document using Adobe Acrobat Professional, follow the instructions below.
7-Zip is a free and open-source file archiver, a utility used to place groups of files within compressed containers known as “archives.” You may be familiar with “WinZip,” which is similar and also offers an encryption option. If sending multiple documents, adding them all to a password-protected and encrypted “archive” file is the most convenient way of sending them securely.
7-Zip is available for download, for free, at www.7-zip.org.
“Cracking” AES-256 encryption is currently impossible…for now (though who knows what the NSA or China can do that they are not telling us about…). Cracking the older AES-128 encryption is possible but would cost a lot of money, and likely only a government or large (and exceptionally well funded) criminal organization would attempt it. And why would they? There is a far more straightforward way to get that data most of the time.
Cracking the weak PASSWORD of an encrypted file or online account by “brute force” or “dictionary” attack is far easier than most people understand. Without exaggeration, if the password is not strong enough, an exceptionally bright child could crack it with software downloaded from the internet.
No amount of encryption will protect a file or account unless a strong password is used.
How long do you think these passwords will last against a supercomputer running brute force password cracking software against them?
less than 1 second
less than 1 second
about 4 weeks
16 BILLION YEARS
bobcat jerky heart dollar (a “mnemonic” password)
8 SEPTILLION YEARS
Granted, a supercomputer is hard to come by and expensive, but any computer will do it, if more slowly. You can test your password ideas with this site. Please note that you should probably not test your ACTUAL passwords…anywhere.
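To make the arithmetic behind such estimates concrete, here is an added example (not from the original post or any tool it links to) that counts worst-case guesses for a password. It goes beyond the post's brute-force figures by also modelling an attacker who guesses whole words from a word list, and it takes whichever model is cheaper; the guess rate, word-list size and sample common-password list are assumptions chosen for illustration.

```python
import math
import string

# Assumptions for illustration (not from the original post):
GUESSES_PER_SECOND = 1e10   # hypothetical attacker speed; real rates vary widely by file format
WORDLIST_SIZE = 7776        # size of a Diceware-style word list
COMMON = {"password", "123456", "qwerty", "letmein"}  # constructed stand-in for a leaked list
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits,
           string.punctuation + " ")

def charset_size(pw):
    """Size of the alphabet a brute-force search must cover for this password."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))
    if any(ord(c) > 126 for c in pw):
        size += 128         # rough allowance for non-ASCII characters
    return max(size, 1)

def guesses_needed(pw):
    """Worst-case guesses under the cheapest attack model that fits the password."""
    if pw.lower() in COMMON:
        return len(COMMON)                  # dictionary attack: tried first, found at once
    brute = charset_size(pw) ** len(pw)     # every string of this length and alphabet
    words = pw.split()
    if len(words) > 1 and all(w.isalpha() and w.islower() for w in words):
        return min(brute, WORDLIST_SIZE ** len(words))  # attacker guesses whole words
    return brute

def time_to_exhaust(pw, rate=GUESSES_PER_SECOND):
    """Human-readable worst-case time to try every candidate at the given rate."""
    seconds = guesses_needed(pw) / rate
    for unit, length in (("years", 31_557_600), ("days", 86_400),
                         ("hours", 3_600), ("minutes", 60)):
        if seconds >= length:
            return f"{seconds / length:,.1f} {unit}"
    return f"{seconds:.3f} seconds"

if __name__ == "__main__":
    # Constructed sample inputs; the last one is the passphrase quoted in the post.
    for pw in ("qwerty", "Tr0ub4d&r", "bobcat jerky heart dollar"):
        bits = math.log2(guesses_needed(pw))
        print(f"{pw!r:30} ~{bits:5.1f} bits  {time_to_exhaust(pw)}")
```

Adding a fifth or sixth randomly chosen word multiplies the word-list search space by 7,776 each time, which is why length matters more than substituting symbols into a short password.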
One mistake that many people and companies make is to go through all the trouble of making an encrypted file and using a strong password, only to send the password AND the file through the same email account. Sometimes they will take the extra step of sending the password in a separate email, but neither is a good idea.
If someone has access to the email account, for example because it gets hacked or an internet company has a rogue employee, they can just open both emails. At best, this protects against accidental forwarding, which is helpful, I suppose. Otherwise, both emails are probably sitting in at least one sent items folder, an inbox, even the deleted items folder, waiting to be discovered, for longer than we are comfortable with.
A better practice is sending the password via a separate channel, for example, SMS, LinkedIn, Skype, or a phone call. It’s an extra step and honestly inconvenient, but it offers a MUCH higher level of security, and we think it is worth the effort to protect our clients.
As mentioned earlier, our staff use LastPass, and you can share a password directly to them from within that system as well. That keeps things very simple, but is still safe!