Although Mac computers generally have a reputation for being more secure than PCs, this is a myth: these devices are also susceptible to cyberattacks. For example, Kaspersky Lab estimates that 700,000 Mac users were affected by the Flashback Trojan virus by 2014. The virus, which exploited a programming flaw in the Java application, turned Mac computers into “zombie computers” and allowed hackers to gain personal user data.
Researchers have also successfully bypassed one of Apple’s key security features, Gatekeeper, in order to steal user information and install malware. Gatekeeper functions as a security feature for the macOS operating system that verifies applications before running them—in theory helping to deter malware from running on a device.
Parallels® reports that 55% of businesses use (or allow the use of) Mac devices. Businesses must therefore consider how to properly secure these devices and their files.
A key component of cybersecurity is the encryption of files and devices. Encryption helps companies maintain data integrity by making it difficult for hackers to access and read sensitive data.
In this article, you will learn why encryption is an essential security tool for businesses, as well as how to encrypt a file on a Mac computer to protect sensitive company information.
What is encryption?
To understand encryption, it’s first necessary to understand cryptography, which is the science of encrypting and decrypting information.
Encryption is the process of hiding digital information via cryptography. Units of information (called plaintext) are scrambled using an encryption algorithm, at which point the result is referred to as ciphertext.
Ciphertext cannot be read or altered, which is the point. Encryption is intended to make information unreadable to unauthorized users for purposes of confidentiality, integrity, authentication, and non-repudiation of data.
Encryption works by creating random strings of data, called bits, which are used to encrypt and decrypt information in and out of ciphertext. These bits serve as the key to locking and unlocking the data.
The Advanced Encryption Standard (AES) is the most widely used encryption algorithm. Developed by the National Institute of Standards and Technology (NIST), AES uses a cryptographic algorithm developed by the Federal Information Processing Standards (FIPS), which is known as the security standard for transmitting sensitive information.
AES utilizes long blocks of cryptographic code in lengths of 128, 192, or 256 bits. With 256 bits, there are 2^256 possible combinations to try in order to hack the code. It is therefore virtually impenetrable.
To read encrypted data, unauthorized users must guess which code was used for encryption and what keys were used as variables. The higher the bit value, the lower the likelihood that brute force attacks could guess the code and unlock the data.
The dangers of doing business without encryption
Since AES is virtually impenetrable, it is used by numerous entities that work with sensitive information, including banks, financial institutions, insurance companies, healthcare companies, and government agencies.
The storage, use, and transfer of sensitive data are heavily regulated in many of these industries. For example, in the insurance industry, using unencrypted security codes is a noncompliance issue with the PCI Security Standards Council (PCI DSS), which covers all entities involved in secure payments and transactions.
As encryption keeps important, confidential information away from unauthorized users, it is one of the most effective ways to reduce the cost of a data leak (also called a data breach).
Data leaks cost companies in a myriad of ways. Consider the following statistics:
The global average annual cost of data breaches for businesses in 2021 rose from $3.86 million to $4.24 million.
In the first half of 2021, suspicious transactions regarding ransomware in the US totaled $590 million.
87% of consumers are willing to cut ties with a business after a data breach takes place.
Data encryption ensures that malicious actors can’t decipher what they’ve accessed. Without encryption, you could potentially expose sensitive information.
In 2020, for example, an unencrypted database with 8 million UK shopping records was mistakenly exposed on search engines. Anyone could find and use the data without a password or any authentication measures.
Should such a data breach occur in your business, your customers’ data could fall into the hands of attackers and result in a costly scenario that tarnishes your reputation and leads you to lose customers.
Since cyberattacks can have such a costly impact, many companies use cybersecurity insurance coverage, which protects users and businesses from the costs of cyberattacks. This market is expected to grow rapidly in the coming years, from 8 billion US dollars in 2020 to 20 billion US dollars in 2025.
Unencrypted data, however, is typically excluded from cybersecurity insurance coverage. Yet unencrypted data remains one of the top four cybersecurity vulnerabilities in the financial services industry. (Malware, unsafe third-party services, and phishing threats are other dangers to data safety.)
Data should be encrypted even when being sent on private networks. In the defense and government industries, for example, communications are encrypted (and therefore protected from unauthorized interception). However, unencrypted communications could be intercepted by anyone that has access to the network.
Even when networks are secure, stolen servers and lost devices put data at risk. For example, a Colorado hospital had unencrypted copies of patient records on an external hard drive. The Colorado Health Department requested copies of multiple records and asked for these to be supplied on an external device.
In contradiction to the health department’s policy, the device was not properly encrypted, and the person responsible for the device lost it. Since the misplaced device was not encrypted, protected health information could potentially be accessed by unauthorized individuals.
Industry-specific regulations
In November 2019, an unencrypted laptop and flash drive were stolen from The University of Rochester Medical Center (URMC). As part of a settlement, URMC paid $3 million to the Office for Civil Rights (OCR) due to potential violations of the Health Insurance Portability and Accountability Act (HIPAA) privacy requirements.
HIPAA details the requirements for storing and sharing protected health information and electronically protected health information (e-PHI), and is just one of many regulatory bodies that certain businesses must comply with. Depending on the industry, enterprises may need to follow specific regulations related to data safety and storage.
Encryption helps institutions meet regulatory requirements, which will vary from industry to industry. Consider the following regulatory and compliance-related entities that have specific encryption-related requirements:
The PCI Security Standards Council (PCI DSS), which covers all entities involved in secure payments and transactions.
The General Data Protection Regulation (GDPR), which involves EU data protection and privacy for users within the EU and covers everything from data retention policies to information sharing. The GDPR applies to any business with customers or users in the EU.
The benefits of encrypting files on a Mac
If the files on your company’s Mac are not encrypted, they pose serious security threats to your organization. Without encryption, third parties could simply remove the drive, attach it to another computer, and upload the drive’s contents to that computer’s operating system.
Encrypting files keeps them safe whether they are on a USB drive, shared via email, or sent to the cloud. Once files are encrypted, bad actors can’t gain access to your information without your login credentials.
By keeping your device and your files safe, you help your business avoid the costs related to data breaches. These costs can include legal ramifications (an Equifax 2017 data breach, for example, cost the enterprise $700 million in payouts to its US customers).
These costs can even include damage to your business’s reputation. One Forbes study found that 46% of businesses experience reputational damage to their brand after a data breach.
File safety therefore not only helps your business with compliance, but also helps it avoid costly setbacks from data breaches.
How to encrypt a file using WinZip for Mac
Mac computers come with built-in security measures. For example, computers with Mac OS X 10.3 or later come equipped with FileVault, which is a built-in encryption program on Mac computers. FileVault encrypts all data on your startup disk.
However, since Mac computers are not immune to cyberattacks, encrypting files on Mac devices is not only a data privacy best practice, but it can also be a requirement for your business or industry.
With WinZip® for Mac, you can encrypt files and folders and then control access to who can view these files. By applying powerful AES encryption,
An added benefit of WinZip for Mac is that it reduces file size through compression. This enables you to transfer data more quickly and frees up space on your Mac, portable storage device, or cloud.
You can encrypt a file on a Mac with WinZip by following these steps:
Open WinZip.
Click Encrypt in the Actions pane on your right side.
Drag and drop your files to the NewZip.zip center pane.
Enter a password when the dialog box appears.
Click OK.
Click the Options tab in the Actions pane and choose Encryption Settings.
Set the level of encryption and click Save.
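After following these steps, it is worth confirming that the archive really carries the encryption level you chose, because the ZIP format also allows unencrypted entries and an older, weaker password scheme. The script below is an added example, not WinZip's code: it assumes the archive follows WinZip's published AES (AE-x) zip layout, and the function names, file names, and sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

AES_METHOD = 99        # compression-method value that marks a WinZip AES entry
AES_EXTRA_ID = 0x9901  # extra field: version, vendor "AE", strength, real method
STRENGTH = {1: "AES-128", 2: "AES-192", 3: "AES-256"}

def entry_encryption(info):
    """Classify a member as 'none', 'legacy' (ZipCrypto), 'AES-<bits>' or 'unknown'."""
    if not info.flag_bits & 0x1:  # general-purpose flag bit 0 means "encrypted"
        return "none"
    if info.compress_type != AES_METHOD:
        return "legacy"
    extra, pos = info.extra, 0
    while pos + 4 <= len(extra):
        header_id, size = struct.unpack_from("<HH", extra, pos)
        if header_id == AES_EXTRA_ID and size >= 7 and pos + 4 + size <= len(extra):
            return STRENGTH.get(extra[pos + 8], "unknown")  # byte after version+vendor
        pos += 4 + size
    return "unknown"

def audit(zip_bytes, min_bits=256):
    """Return {member: encryption} for members below the required AES strength."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        found = {i.filename: entry_encryption(i) for i in zf.infolist()}
    return {name: enc for name, enc in found.items()
            if not enc.startswith("AES-") or int(enc[4:]) < min_bits}

def aes_extra(strength):  # AE-2 record with real method 8 (deflate)
    return struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", strength, 8)

def build_sample(entries):
    """Constructed archive for the demo: real headers, placeholder payload bytes."""
    body, central, data = b"", b"", b"\x00" * 4
    for name, flags, method, extra in entries:
        n, sizes = name.encode(), (0, len(data), len(data), len(name), len(extra))
        central += struct.pack("<4sHHHHHHIIIHHHHHII", b"PK\x01\x02", 20, 20, flags,
                               method, 0, 0x21, *sizes, 0, 0, 0, 0, len(body)) + n + extra
        body += struct.pack("<4sHHHHHIIIHH", b"PK\x03\x04", 20, flags, method,
                            0, 0x21, *sizes) + n + extra + data
    return body + central + struct.pack("<4sHHHHIIH", b"PK\x05\x06", 0, 0,
                                        len(entries), len(entries), len(central), len(body), 0)

SAMPLE = build_sample([("notes.txt", 0, 0, b""), ("old.xlsx", 1, 8, b""),
                       ("q3.pdf", 1, 99, aes_extra(1)), ("payroll.csv", 1, 99, aes_extra(3))])

if __name__ == "__main__":
    print(audit(SAMPLE))  # members that fail an AES-256 policy
```

To check a real archive, pass the file's bytes to audit(); an empty result means every member meets the minimum strength.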
Explore how WinZip can help encrypt your company’s digital assets.