News & Blog

What should you know about data encryption

By Francis West on 15th October 2018

The topic of cybersecurity appears regularly in the news and so it’s apparent to all of us the spectre of security breaches, and their consequences looms large. Some of the most prominently featured breaches include an attack on Yahoo in 2014, where 3 billion email accounts were compromised i. Another high-profile breach occurred with Adult Friend Finder, where the hackers attacked 400 million accounts. With the increase in these attacks, the importance of implementing better security, including data encryption is growing.

What is Encryption and why is it important?

Encryption is the most effective way of ensuring data is kept safe. Encryption applies math functions to the data to make it unreadable. It is the science of changing or modifying data so it makes no sense to the intruders. Only you and anyone else who holds the decryption key will be able to reformat the data to make it readable again.

So why is it important?

1. What if someone hacked financial data?

2. What if a criminal uses a computer program to try every word in English, breaks into your company account and gains access to critical files?

3. What if your WiFi network gets tapped?

All of the above scenarios result in malicious users gaining access to your company's private data. The best way to protect the data is by using data encryption.

The top 5 things you need to know about Encryption.

1. Encryption is for everyone and aims to secure information

Don’t think encryption is only for large organisations with many rules and compliance regulations. Encryption is for every individual in the cyber world who wants to keep themselves, their identities and their data safe and secure. Encryption can be configured to be as difficult or as easy as you want to make it. The main idea is to understand the type of data that needs to be encrypted, who should have access to it and (location it should be present - I don’t understand this bit). There are many encryption tools on the market which are affordable and can help to achieve your goals.

2. Encryption gives you the flexibility to move to a cloud-based system

Organisations are worried about moving data to the cloud in case strangers can see it or competitors may be able to access it. Encryption allows you to ensure the privacy of data and the benefits of cloud infrastructure. Wherever you are, even if you leave the building, you will still be in control of the keys. What about the sensitive data? You can instruct the system to create a new key and then shred the old key. Once unencrypted, your data will be available for storage or backups. You can achieve secure multi-tenancy in the cloud with data encryption.

3. Protect accessing or exposing the data

As per ancient tales, if you have a treasure, you should lock it in a safe but then don’t give the key to a stranger! Similarly, your service provider should not have both the encrypted data and the keys. If they have both, they can easily access the data. The best solution for organisations is to encrypt the data and hold the keys to their private data centre. However, some companies do not want to store the encryption keys on their computers. In these instances, it is helpful to have a third party who can take responsibility and control for key management, solve issues that may arise and make sure servers are always accessible.

4. Encryption helps to meet compliance standards and provides peace of mind

Encryption plays a critical role in the payment card industry (PCI) where strict rules govern the protection of data. Moreover, HIPAA/HITECH has made data encryption mandatory for the protection of healthcare information. With the rise in security threats, many more regulations like these stipulate the requirement for data encryption. With GDPR on the horizon, following a breach, companies will need to inform the authorities within 72 hours. If a breach occurs and there is a loss of personal data, companies need to notify the affected individuals immediately. However, regulations state if stolen data is encrypted and the encryption keys have not been compromised, there is no requirement to notify either the individuals or the authorities - because the data is unreadable.

5. Encryption gives you a competitive edge

With encryption and key management software, companies can improve their security parameters, providing a competitive advantage, particularly when attracting new customers. Improved data security measures are also likely to encourage existing customers, particularly those in sensitive sectors, to expand their business. Encryption also ensures your backups are safe because without the keys nobody can decrypt the data on the tapes. Many companies have offices in remote locations and they do not have IT staff at all locations.

Data Encryption is the best security solution to ensure that without the encrypted key data cannot be decrypted and it is protected from theft or loss. Data breaches and theft are protected by Firewalls and VPNs, but there is no alternative for encryption and effective key management to protect important information.

To conclude, we have compiled a few best practices to keep in mind while working with data encryption.

1. Enforce multi-factor authentication - it’s a user-friendly way to safeguard access to data and applications.

2. Allow access to data based on need-to-know and assign lowest privilege security principles or simple roles that will enhance the safety of information- not everyone needs to have Administrator rights!

3. Enforce file level data encryption and protect data during transfer.

In case you need help figuring out if your confidential data is encrypted or not, get in touch with our team of experts. It’s always better to be safe than sorry and we’re here to help.