For instance, if you think that it's easy to decrypt files that properly use good and time-tested commercially available encryption software, then you've got another think coming.
Correct; it's still impossible to break higher end encryption that's secured by private certificate, if you don't have the private certificate (key).
Password based encryption is as weak as the password, regardless of encryption mechanism. We can break AES256 at my office overnight if the seed is hashed off of a plaintext password (out to a limit; you get over 14 characters or have mixed special symbols it broadens the key space to the point we might not have compute time to do it). Meanwhile, if it is instead secured with a proper 4096+ bit key, we won't even try. I'd be long dead and buried before my servers could break it.
And anybody who thinks security ends there is sadly mistaken...this is another area of vulnerability. Multiple layers of security make access to important files incrementally more difficult because each level of security provides an added level of protection against methods that others are vulnerable to.
Correct again.
E.g. Your home network is only as strong as your WiFI password. Use a common English word, surname, or mix of those with maybe a few numbers, your home network could be breached easily.
Then it comes down to what computer level security you have. Windows XP? We're in, in seconds. Windows 7, properly patched, with a decently strong password? Going to take longer. Don't use a password on your PC? You're screwed.
Use the same password on your computer that you use on a website that sends HTTP login info we'll snatch it out of the air and have full access to not only that website but also your computer, and any other (secure HTTPS) website that you happen to use the same login info for.
Use a different password for ALL websites, and computers. (I have to remember hundreds of them for work, it's a pain, but not impossible).
Don't write the password down and stick it on the bezel of your computer.
For example, secure networks don't just rely on firewalls and electronic security access programs. They're also set up to be independent of other networks, and the stations which access them are also in controlled areas. You cannot hack through a firewall by an independent computer if that computer has no physical access to the network.
We use a similar scheme for our storage networks. They are not accessible from the outside world, separate physical switches, etc.
The same philosophy applies to electronic files. If all you take is the bare minimum, then you're setting yourself up for a single-point failure. Just like hand writing a list and then not securing it physically, for example.
I can't count the number of times we've had to send things to DriveSavers because a customer "thought his laptop was backed up" .. (Magically, I imagine). Most of our customers now have us set up forced replication on any work computers to get a snapshot of mobile devices; but invariably, someone starts to do work related stuff on a personal device we don't have control over and then loses it (drive crashes, coffee spills, whatever). We can generally salvage it, but not always.
Also, your backups are only as good as the media they are written to. Had a customer sadly disappointed one time when they were using an off the shelf MagOp disk based backup (this was 15 years ago), disks were bad, they didn't notice. Same thing with tape backups, etc. Those things have a shelf life. As do burnt DVD's!
I have an older laptop, for example, that I could set up as a stand-alone computer and never connect it to a network. If I really wanted to be secure, I could set it up to boot up and run on an operating system installed on a flash drive. I could create and save any files I want and save them as heavily encrypted files on flash drives or micro-SD cards, which I can then remove and physically secure elsewhere. I can shred existing files/erase hard drive space using a shredding program rated to DOD standards. If I was really concerned, I could also physically destroy the laptop hard drive by a variety of means.
Most mobile phones have enough storage to stash an OS on them and boot off of them now. My phone even has a boot menu - if I plug it in to boot off of it, I can choose any Windows OS (workstation or server), either boot in to, or run setup off of. I've used it to rebuild servers from bare metal before.
In the end I would have any data I wanted secured in encrypted flash drives or micro-SD cards which are so small that physically securing them presents any number of possibilities that could frustrate even the most dedicated search for them.
Until you get forgetful and forget where you stashed something that small.
This is why I roll my eyes at a lot of people who don tin hats about how electronic files are "so easy to hack". They're ONLY easy to hack IF they can be found, IF they can be accessed, and IF they can be decrypted.
Security through obscurity still works, always has, always will. Is it 100%? No, but what really, truly is?