Organizations of all sizes and across industries are implementing data encryption technology to protect personal information, customer data, trade secrets, employee files, tax information, credit card numbers and more. As you look to implement encryption within your organization, there are a few core things to understand about why it matters. But first, let’s start with a few basics about encryption and why you should use it in your organization today.
Encryption is the process of changing the underlying electronic information that constitutes the data in such a way that it is unreadable by anyone who does not “hold the key.” The key allows the user to change the information back to its original form (“decrypt”) so it is usable and readable. Encryption safeguards your organization’s data and information from potential threats and ensures that even if an intruder gained access to your company’s sensitive information, it’s very unlikely they’ll be able to read any of it. Check out “What is Encryption and How Does it Work?”
Another way to look at it is that encryption protects your data regardless of where the data resides. It protects your data when it sits on your organization’s laptops, data centers and websites. It also protects your data while it is being transmitted around the internet. Encryption is vital to protecting your data and the value it holds for your company.
WHY DO YOU NEED ENCRYPTION? BECAUSE EVERYONE WANTS TO STEAL YOUR DATA.
Cyber attacks against your business networks become more sophisticated every year and are no longer limited to Fortune 1000 companies. No organization is safe from the threat of a security breach, and increasingly the targets of attacks are small businesses, which are the most vulnerable. In 2014, 60 percent of all targeted attacks struck small- and medium-sized businesses. More and more, the larger enterprises are sticking up for the smaller businesses, as they see it as critical to their mission. Just ask Apple.
Encryption helps block hackers from using proprietary data and information even if they are able to take advantage of a vulnerability on your website. Attacks on organizations that hold large databases of customers’ personal and financial information are happening at an increasing rate. Take, for instance, the recent announcement of over 1 billion (yes, with a “b”) Yahoo accounts compromised. In this case, Yahoo used weak security around passwords, and even unencrypted personal information, which is now in the hands of the attackers. Encryption is key in efforts to protect your customers’ financial, personal, and user authentication information and acts as insurance against the possibility of a data breach, which Yahoo is probably wishing they had done at this point.
ENCRYPTION HELPS YOU:
Encryption protects your organization’s valuable information from hackers and rogue employees. For example, if someone were to steal your laptop and/or mobile device, encryption can prevent them from accessing the sensitive data on your hard drive. For this reason, it’s important to ensure that your computer’s or mobile device’s hard drive, or at least the sensitive files on it, are stored in an encrypted form.
Encryption also helps you meet industry regulations. If your organization handles data that might include customer financials and account information, cardholder data and transactions, and non-public personal information, it’s highly likely that data generated and/or used by your organization is subject to strict regulations and compliance guidelines. The broad categories that require the most regulation include: financial data, personal health data, private individual data, military and government data, and confidential/sensitive business data. Some examples of regulations and standards that require encryption are: PCI DSS, GLBA, SOX, HIPAA, HITECH and many others.
Encryption can help you safely move to the cloud. If you are concerned about moving highly sensitive information to the cloud, encryption and retention of encryption keys can alleviate concerns with the migration. At all times you retain the control to determine when to deliver or revoke keys and to control who sees what information and when. Encrypting your sensitive information in the cloud prevents access by anyone without the key, even if your cloud storage provider’s security fails or another person gains access to your account.
Encryption also helps you stay within Safe Harbor laws from breach notifications. There are data breach notification laws in 47 of the 50 states. If a data breach occurs and PII (personally identifiable information) is lost, the breached party must notify all individuals who are impacted. Many of these laws provide exceptions for data that is encrypted with strong and certified methods and whose keys are properly managed. These Safe Harbor clauses greatly minimize the brand and company damage from a breach.
HOW DO I ENCRYPT MY DATA?
List of common encryption tools:
- For laptops and desktop computers: Disk Utility (OS X), The GNU Privacy Guard (Linux), VeraCrypt (Windows)
- For websites (data in transit): Let’s Encrypt is a great resource to get a free SSL Certificate. SSL encrypts communications to and from your site so no one can “listen in” on the data. Alternatively, your current web host likely has options to purchase SSL Certificates, and some even provide them free.
- For websites (DNS/CDN): A Domain Name Server (DNS) is what translates your website’s name (www.example.com) to the location of the server it is on. Many new services (such as Cloudflare and Fastly) are combining this with a Content Delivery Network (CDN) to make your site faster and more secure. They do this by providing free SSL for the requests flowing through their servers as well as hosting some of your files (like images) where they can serve them faster to the user requesting them.
- For websites (data at rest): There are lots of tools to encrypt just about every piece of technology in your life, but as far as tools to encrypt your website go, the options are very limited. This is why we created Lockr: to provide simple and seamless encryption options for websites, no matter how complex or simple they may be. For additional information on securing your data and websites, contact our friends at Townsend Security or Sucuri, both of which sponsor plugins and modules that help protect your website.
SEPARATE YOUR ENCRYPTED DATA FROM THE KEYS YOU USE TO ACCESS IT.
Once you’ve made the decision that your organization is going to upgrade its security strategy and implement best-practice encryption, where your encryption keys are stored becomes of the utmost importance. You should never store your keys alongside your data. You would never keep the combination code to a physical safe on a post-it note next to the safe, so why keep the key to your data with the encrypted data? Hackers don’t guess your key, they find it, so protecting your encrypted data requires a strong key management solution. Lockr’s offsite key management solution protects against critical vulnerabilities, delivers best-practice security to help your company comply with many industry regulations, and provides a Defense in Depth approach to securing your data.
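To make the separation concrete, here is an added example (not code from Lockr or from the original article) in which the database record holds only ciphertext and a key reference, while the key lives in a separate store. The `KeyStore` class, the function names and the key ID are hypothetical stand-ins for an offsite key manager; the sample value is constructed.

```javascript
// Added example: KeyStore stands in for an offsite key manager (hypothetical,
// not Lockr's API). The database only ever sees the record objects below.
const { randomBytes, createCipheriv, createDecipheriv } = require('crypto');

class KeyStore {
  constructor() { this.keys = new Map(); }
  create(keyId) { this.keys.set(keyId, randomBytes(32)); } // 256-bit AES key
  revoke(keyId) { this.keys.delete(keyId); }
  fetch(keyId) {
    const key = this.keys.get(keyId);
    if (!key) throw new Error(`key ${keyId} unavailable`);
    return key;
  }
}

// Encrypt one field; the returned record is what the website database stores.
function encryptField(keyStore, keyId, plaintext) {
  const iv = randomBytes(12); // fresh nonce per record, never reused with a key
  const cipher = createCipheriv('aes-256-gcm', keyStore.fetch(keyId), iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    keyId, // a reference to the key, never the key itself
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ct: ct.toString('base64'),
  };
}

// Decrypt a stored record; throws if the key is gone or the data was altered.
function decryptField(keyStore, record) {
  const key = keyStore.fetch(record.keyId);
  const decipher = createDecipheriv('aes-256-gcm', key, Buffer.from(record.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
  return Buffer.concat([
    decipher.update(Buffer.from(record.ct, 'base64')),
    decipher.final(),
  ]).toString('utf8');
}

// Constructed sample data.
const keyStore = new KeyStore();
keyStore.create('customer-pii-v1');
const row = encryptField(keyStore, 'customer-pii-v1', '4111 1111 1111 1111');
console.log(row);                         // all that a database dump exposes
console.log(decryptField(keyStore, row)); // readable only with key-store access
```

Calling `keyStore.revoke('customer-pii-v1')` makes every record encrypted under that key unreadable without touching the database, which is the control over delivering and revoking keys described above.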
No matter what size business you have, safeguarding data is no longer optional. From government fines to customer relationships, encryption can save you from a lot of financial and public relations pain. With a strong security strategy that includes encryption and key management, your organization is able to do more with its data, applications and products. Save yourself the headache: start encrypting today.