Encryption: A VPN Building Block

When working remotely to improve “cyber posture,” we typically recommend a Virtual Private Network (VPN) as an encrypted “tunnel” between sending and receiving networks to protect the confidentiality of data in the communication. A VPN would not be viable without encryption.

Encryption is a mathematical function. It is the part of a broad science of secret languages, called cryptography, that involves the process of converting plaintext into ciphertext, or “encryption,” and back again, known as “decryption.” Encryption has been around for centuries; one of the first examples dating back to ancient Rome, the Caesar cypher and uses the substitution of a letter by another one further in the alphabet to protect the secrecy of a message.

Central to understanding how encryption—and, indirectly, how VPNs increase security because of encryption—is the number of encryption “keys” that are used during the process of converting plaintext to cyphertext and back. At the highest level, there are two types of encryption:

  1. Symmetric, where the same key is used to both encrypt and decrypt the data
  2. Asymmetric, where “The Public Key” is used to encrypt, and “The Private Key” is used to decrypt. (The Public/Private Key Pair are “related” mathematically.)

Neither type of encryption is better than the other. In fact, both of these technologies are critical in achieving cybersecurity when utilized properly.

As always, HBK Risk Advisory Services (RAS) is glad to offer recommendations on your cyber security program and practices. Contact Bill Heaven at 330-758-8613 or via email at wheaven@hbkcpa.com. HBK RAS is here to answer your questions and discuss your concerns.

About the Author(s)
Bill is a Senior Manager in HBK’s Risk Advisory Services and works out of the firm’s corporate office in Youngstown, Ohio. He specializes in cyber security, IT security, external IT audit, internal IT audit, IT consulting, software Development, IT governance, PCI-DSS, supply chain, system implementations and e-Commerce and has worked for a wide range of industries, including the Public Accounting field. Bill is a certified public accountant, a certified information system auditor, and a certified supply chain professional.
Hill, Barth & King LLC has prepared this material for informational purposes only. Any tax advice contained in this communication (including any attachments) is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding penalties under the Internal Revenue Code or under any state or local tax law or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein. Please do not hesitate to contact us if you have any questions regarding the matter.