A curious passerby was strolling through London when he noticed a USB stick on the street. He picked it up and later discovered it contained 2.5 GB of unencrypted confidential and restricted information regarding Heathrow Airport’s security protocol, including policies for when the Queen passes through the airport.
Imagine if one of your employees lost a device. What types of information would an unauthorised person be able to access on that device? Unfortunately, probably more than they ought to be able to. Businesses are focusing on keeping hackers out of their networks but are failing to protect their data. Only 8 per cent of breached data was encrypted, and over a third of businesses don’t encrypt sensitive data.
No organisation – including yours – is immune to the threat of a data breach, whether by the theft or loss of a device or by a cyber attack. Protecting the perimeter is not enough – you must protect your data. One way to accomplish that goal is through full disk encryption. Even if someone accesses your files, devices or network without authorisation, they won’t be able to view any encrypted sensitive data.
Why encrypt data?
Because of encryption’s powerful algorithms, encrypted data is practically indecipherable without the decryption key. A brute-force attack against 128-bit AES encryption would take a supercomputer 1 billion billion years to crack the key.
Not only is encrypting sensitive data a security best practice, but it can help you fulfil the requirements of regulations such as the General Data Protection Regulation (GDPR). Set to go into effect in May 2018, GDPR requires data controllers and processors to “implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including… the pseudonymisation and encryption of personal data.” According to Bloomberg BNA, companies that encrypt personal data can even lower their risk of GDPR fines and will be exempt from GDPR data breach notification requirements.
The cost of implementing encryption is low, especially compared to potential GDPR fines, which can be as much as 4 per cent of annual global turnover or €20 million.
What type of full disk encryption do you need?
When evaluating a full disk encryption solution, look for one that meets all the following criteria:
- Encrypts all devices and data access points, including servers, laptops, USB sticks, email and files/folders
- Uses industry-standard encryption, such as AES (128 bits and higher) or RSA (1024 bits and higher)
- Encrypts data in transit and at rest
- Is easy to implement
- Has a centralised management console to make deploying updates and managing users easy
- Minimises reliance on end users for encrypting files
- Is compatible with your IT systems
At ITS, we use DESlock Encryption by ESET® to ensure your organisation’s data is encrypted in transit and at rest on end-user devices and corporate servers. While there are many encryption products available, we prefer DESlock because of its powerful security, central management, ease of use and minimal reliance on user interaction. To speed up adoption time, our experienced IT support technicians assist in implementation. After all, time is of the essence with GDPR around the corner.
To learn more about how we can help with full disk encryption, visit our Disk Encryption page.
The above article is intended for guidance only and any reliance upon the contents is at your own risk.