Information stored on a server in your office may seem relatively secure, but the truth is hackers can break in and steal your data with relative ease. Start sending information via the Internet to vendors and employees working remotely, and the data becomes even more vulnerable.
Would you leave your house unlocked while you’re gone for a weekend trip, so that a thief could walk right in, take all your valuables, and leave with almost no effort at all? Probably not. Yet that’s exactly what you’re doing with your valuable data, which is critical to your business, if you leave it unencrypted.
Because of myriad threats to your digital files, it is very important to encrypt your data. Encryption works by running a message or file through an algorithm together with a secret key to produce ciphertext, a coded version of the data. The ciphertext can then only be read by using the key to decrypt it back into the original contents. So even if a hacker is able to intercept encrypted data, it is useless to him without the decryption key.
In the massive data breach at the South Carolina Department of Revenue last year, millions of taxpayers’ personally identifiable information was potentially or actually compromised, partially due to the absence of encryption. (We’ve produced a short video explaining lessons to be learned from the breach, including the importance of encrypting data.)
The main encryption standard in use today, Advanced Encryption Standard (AES), uses 128-bit, 192-bit, or 256-bit encryption keys, depending on the settings. The larger the encryption key, the better the security, because increasing the number of bits exponentially increases the number of possible combinations a hacker would have to check before arriving at the correct key.
The US Department of Defense has approved both 192-bit and 256-bit encryption keys for protection of data classified at the Top Secret level. To date, no one has been able to crack any AES encryption. Furthermore, the estimated time to break an AES key based on current technology is more than one billion years.
Encrypting individual files and email is a good start, but a more thorough approach is full drive encryption (FDE). This is especially effective when dealing with mobile devices, such as laptops, which are more susceptible to theft and tampering. FDE requires user authentication prior to booting the system. When FDE software is installed, it encrypts the entire hard drive, including files, applications, and the operating system. As new files are added to the disk or existing files are modified, they are automatically encrypted.
Encrypting data is one of the gold standards of digital security. In fact, if you possess highly sensitive data such as personal health information, many insurance carriers will refuse to write you a cyber liability policy if your data is unencrypted. Firms that have less complexity or lower asset information can potentially get coverage without encrypting data, but will pay significantly higher premiums.
But encryption is relatively cheap and easy to accomplish, so it is something that every company should have in its digital arsenal against cyber crooks.
And although encryption significantly bolsters your data protection, remember that encryption alone does not ensure information security. According to eSecurity Planet, even FDE has potential entry points for a hacker in certain situations.
And there are other attack mechanisms that pose a threat to your information, including spyware, viruses, and privilege escalation programs. So, encryption is just one piece of the IT security puzzle. There are many other important steps you must take to implement a robust security package, including intrusion detection, firewall protection, and virus detection.