Protecting sensitive data has become a requirement for most organizations around the world as data breaches have become increasingly common, and legislation spearheaded by the EU’s General Data Protection Regulation has made companies liable for security incidents in the eyes of the law.
The global average cost of a data breach reached $3.92 million/breach in 2019 according to the Cost of a Data Breach Report released by the Ponemon Institute and IBM Security, with lost business stemming from reputational damage accounting for the biggest chunk. Data Protection Authorities have also shown in the last year that they are not shy about exercising their new powers as, after a period of grace, they began issuing fines that, in Europe, have already exceeded $235,000,000 for a single fine.
As companies realized that data protection is no longer an afterthought, but a building block of any successful modern business, they have started building complex data protection strategies in line with compliance requirements and new international standards. Encryption has emerged as a key element of such strategies and an efficient and simple way to secure data from both malicious outsiders and careless insiders.
Using Encryption to Protect Data at Rest
Data found on work devices is often the most vulnerable to data breaches. Whether it is stored on laptops, removable devices or mobile phones, if a device is stolen or lost, it means data can be easily accessed. Login credentials by themselves do not protect data on company computers from being accessed as they can easily be bypassed by booting a device using a USB drive. Encryption offers an effective way to safeguard data. By encrypting work computers’ hard drives, companies ensure that no matter how a device is booted up, outsiders would not have access to the data stored on it without a decryption key.
Even better, hard drive encryption has now become a standard tool already included in the most popular operating systems: Windows has BitLocker and macOS, FileVault. This means that companies do not have to make any additional investments to enable encryption. Individual files can also be encrypted through the same tools, allowing organizations to add an extra layer of protection to sensitive data files. Encryption of data at rest is especially helpful as a preventive measure in the case of cyberattacks. If data is stolen, it cannot be accessed by cyber-attackers, ensuring that it cannot be used, sold, or made public.
Encrypting Data in Transit
With the rise of remote work during the COVID-19 pandemic, data has never traveled so much. While before, its physical movements were confined to occasional conferences and off-site meetings, now it has been taken out of the security of company offices and into the homes of employees, private spaces whose security is outside the control of organizations, for extended periods of time and by all employees simultaneously. The shift has created a window of opportunity for data loss and theft which encryption can help mitigate.
We’ve already mentioned how hard drive encryption helps prevent data access on stolen or lost computers. However, companies must also ensure data stored on removable devices is just as secure from data breaches. USB drives in particular are widely used as quick data transfer tools, allowing employees to take sensitive data with them everywhere without being encumbered by a laptop. They can also easily be used to steal data from a computer. This is a higher risk in a remote work environment where companies cannot control who enters and leaves the home of an employee and how secure a home is from outsiders.
USB encryption tools like Endpoint Protector’s Enforced Encryption, allow organizations to automatically deploy an encryption solution to all USBs connected to a company computer, effectively ensuring that any sensitive data copied onto USBs will be encrypted with government-approved 256bit AES CBC-mode encryption.
Admins also have the option of resetting passwords in case they have been compromised and wiping USBs remotely by resetting the device, erasing all the files on them. Easy to use and very efficient, such solutions eliminate one of the most common blind spots of data protection strategies, ensuring that any USB stolen or lost will not be accessed by third parties.
While it should always be used as part of a comprehensive data protection strategy that addresses a company’s specific industry and compliance needs, encryption is one of the essential tools companies have at their disposal to protect their data. Easy to adopt and use, once it is implemented, it guarantees that, if attempts are made to steal data or a system is breached, malicious outsiders still do not have direct access to sensitive data.
Download our free ebook on
Data Loss Prevention Best Practices
Helping IT Managers, IT Administrators and data security staff understand the concept and purpose of DLP and how to easily implement it.